This week’s headline story: The Web suffers a heart attack
A newly discovered security bug nicknamed Heartbleed has exposed millions of usernames, passwords and credit card numbers — a major problem that hackers could have exploited during the more than two years it went undetected. The bug was found in a type of software called OpenSSL, which is used on servers to encrypt sensitive information to protect people’s privacy. At least 500,000 servers were reportedly vulnerable.
It’s unclear exactly how much Heartbleed has been exploited, and what data has been stolen. But tests have shown that the security hole can be exploited to steal a server’s encryption keys, and that those keys can then be used to impersonate servers or to decrypt communications.
Security experts are advising users to change their passwords on services where the security hole has been patched, warning that changing passwords on unpatched systems will only serve to make new passwords vulnerable to hackers. A list of which sites have been patched is available in the show notes.
- List of patched sites: mashable.com/2014/04/09/heartbleed-bug-websites-affected/
- The Heartbleed Hit List: The Passwords You Need to Change Right Now [Mashable]
- Major bug called ‘Heartbleed’ exposes Internet data [The Washington Post]
- Users’ Stark Reminder: As Web Grows, It Grows Less Secure [NYTimes]
- ‘Heartbleed’ computer bug threat spreads to firewalls and beyond [Reuters]
- Heartbleed Bug Breaks Internet Encryption, Steals Yahoo Passwords [NewsFactor]
- Heartbleed Bug Jolts IT Admins [NewsFactor]
- Heartbleed Bug Could Disconnect Internet of Things [NewsFactor]
- Is Heartbleed the Biggest Web Security Threat Ever? [NewsFactor]
- Resetting All Passwords Now May Be Worst Heartbleed Fix [NewsFactor]
- What Should You Do About Heartbleed? Excellent Question. [Technology Review]
- Many Devices Will Never Be Patched to Fix Heartbleed Bug [Technology Review]
and elsewhere in Tech News.
- Stanford engineers design video game controller that can sense players’ emotions [Stanford News]
Stanford engineers have developed handheld game controllers that measure the player’s physiology and alter the gameplay to make it more engaging. So, for instance, a game might throw more zombies on the screen when it senses the player is bored.
- Off the shelf, on the skin: Stick-on electronic patches for health monitoring [UI News]
Engineers at the University of Illinois and Northwestern University have developed thin, soft stick-on patches that stretch and move with the skin and incorporate commercial, off-the-shelf chip-based electronics for sophisticated wireless health monitoring.
and in Information Security news this week…
- Google Expands Virus Scans to All Apps, Not Just Play Store [NewsFactor]
Reacting to the increasing number of malicious apps targeting Android devices, Google is expanding its Verify Apps service beyond the app store to periodically scan already installed applications on devices.
- States Probe Massive Data Breach at Experian [NewsFactor]
In what could be one of the biggest data breaches in history, the federal government and authorities in several states are investigating the criminal sale of Social Security numbers, bank account data and other personal information for up to 200 million U.S. citizens stolen from Experian subsidiary Court Ventures.
- Making Retailers Liable for Damages from Hacking [NewsFactor]
Motivated by the huge Target department store data breach, California lawmakers say retailers should be held liable for such hacks. One bill would shift the responsibility for any data breach from the banks and credit card issuers to the retail businesses where the breach occurred. The measure may create the year’s biggest business dispute.
and in Tech Industry news…
- Twitter Applies a New Coat of Face(book) Paint [Ecommerce Times]
Twitter is enriching its user profile features with larger profile photos, customizable headers, and an enlarged presentation of popular tweets. The new look is decidedly Facebookish. The intent is to give users more reasons to stay logged in and fewer reasons to use the competition.
and finally…
- IBM Celebrates 50th Anniversary of Mainframes, Unveils Cloud Services [NewsFactor]
Last week IBM celebrated the 50th anniversary of its mainframes by announcing new cloud services for businesses. The new services include the first System z-based integrated system for the cloud, called the Enterprise Cloud System.
© 2012 Cengage Learning, Inc. All rights reserved.