Posted on

Heartbleed Bug – Don’t trust the “HTTPS”

You have always been told to look for the Lock symbol in any website; that the lock indicates that you can a) trust that the website says they are who they are b) that any data you exchange with the website will be encrypted and no one else can read it. For eg. when you log in to your bank account, the lock gives you the assurance that no hacker on the internet can read your password and that you are indeed logging on to your bank’s website and not a bogus pretender bank website.

Though these things are true, a bug has been recently discovered in a software called OpenSSL. This bug can mean that, for websites that use the particular versions of OpenSSL that are affected, both of the above assertions may not be true. This bug enables a malicious hacker on the internet with no knowledge of any password related to the site with a vulnerable OpenSSL to a) possibly read any encrypted data that is flowing between the site and its users b) Use this knowledge of encrypted data, specifically private keys, to impersonate the affected website.

The malicious user can do all of the above because the so called “Heartbleed Bug” allows a malicious user to read a portion of website memory. This memory will contain at various points in time, private keys, passwords and other sensitive information which the malicious user can steal for further hacking.

It appears that the bug has been out in the open for more than 2 years and a public announcement regarding the bug was made last week – sending security professionals into a tizzy.

According to Netcraft, over a half a million websites continue to be affected by this vulnerability. A fairly recent list of websites affected is available on GitHub and includes popular websites like yahoo.com. Ironically, it appears as if the website of openssl.org itself is vulnerable.

Websites that use a vulnerable version of SSL would do well to move to a version that is patched.

Posted on

Secure your network – Pitfalls to be avoided

We have all seen lists upon lists of “How to secure your network”. We have grown immune to these well meaning rants, just as a teenager blocks out his parent’s “lectures” (No parent would call it a “lecture” while all kids will insist it is a “lecture, a boring one at that”). So, we decided to put on our thinking caps, after vigorously dusting it, and tried to come up with a list pitfalls to avoid; that will, hopefully, not be relegated to the annals of lecture fiefdom.
Continue reading “Secure your network – Pitfalls to be avoided”

Posted on

CrowdInspect gives your running processes a thorough malware inspection

Malware needs to run on a system to be effective, which is why you will find many malicious software running as a process when you open the Task Manager. The main issue here for many users is that it is not often that easy to distinguish between legitimate programs and malware, as process names do […]

Do you enjoy our publications? Consider supporting us by becoming a member. Pay what you like and get access to an ad-free site and a member’s only forum!

The post CrowdInspect gives your running processes a thorough malware inspection appeared first on gHacks Technology News., all rights reserved.

via https://ift.tt/1coOuFD