Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 6 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

First victims of Heartbleed revealed

by The Gurus
April 15, 2014
in Editor's News
Share on FacebookShare on Twitter

The Heartbleed story took a major turn last night, as it was revealed that at least two websites have suffered breaches as a result of the vulnerability.
 
Canada’s CBC news reported that hundreds of Canadians had their social insurance numbers stolen from the revenue website due to the OpenSSL flaw, but it waited until Monday to make it public. “The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokesperson for the Privacy Commissioner’s Office in a written statement Monday afternoon.
 
The revenue agency confirmed that approximately 900 social insurance numbers were breached, and it is currently analysing other fragments of data.
 
Keith Bird, Check Point’s UK managing director, said: “Hackers were obviously alert to the vulnerability, and quick to exploit it. The agency has done the right thing by stating it will contact those affected via registered letters only, and that attempts to contact taxpayers via email or telephone will be fraudulent.
 
“I believe we’ll see more announcements like this over the coming days.  So it’s really important that people are cautious about clicking on any links in emails that they receive from organisations claiming that their security has been affected as a result of Heartbleed, no matter how plausible the emails appear to be.”
 
Following Bird’s comment, it was reported by the Telegraph that data of all 1.5m members of Mumsnet may have been compromised. The parenting website suspected that passwords and personal messages may have been compromised before it installed the patch last week.
 
In an email to members, it said: “On Friday 11th April, it became apparent that what is widely known as the Heartbleed bug had been used to access data from Mumsnet users’ accounts. We have no way of knowing which Mumsnetters were affected by this. The worst case scenario is that the data of every Mumsnet user account was accessed.” This access may have been possible due to hackers collecting login details and accessing user accounts.
 
Paul Martini, CEO at iboss Network Security, said: “Heartbleed could be seen as a convenient scapegoat for data loss that occurred a different way.  Its prevalence could make it an attractive finger pointing exercise to potentially reduce data loss liability compared to say some other negligence.
 
“There isn’t necessarily a way to trace a historical Heartbleed hack unless every IP and amount of transferred data was being recorded, which could be used to indicate a hack in the past. However, the likelihood of having this kind of data stored is small. In addition, the hack to steal the key is not necessarily correlated to the data theft. So, even having this kind of historical data does not provide much insight.
 
“Unfortunately, there’s isn’t one thing in particular that companies should look for if they are concerned about a historical hack. Instead, companies should replace their SSL certificates with new ones as soon as possible.”
 
Fred Kost, vice president of security solutions at Ixia, said: “Since the initial news of Heartbleed last week, the big question that remained was around the ease of exploiting this vulnerability. With th
e latest news, the Heartbleed vulnerability went from being theoretical to very real, as attackers have been able to extract a private key from memory, further putting 1.5 million users at risk.
 
“As many have speculated, this is a very dangerous vulnerability in a widely deployed SSL implementation and when a hacker steals the organisation’s private key, this type of infiltration is not easily detected.
 
“In order to protect themselves from becoming the next victim, enterprises should first deploy the patch and then begin changing their private key to help protect against man-in-the middle attacks that might use the stolen private key. Although this can be a complex process and will take organisations a while to complete, not as simple as just applying the patch, organisations can move in the right direction by taking action now.”

FacebookTweetLinkedIn
Tags: FlawHeartbleedOpen Sourcepassword
ShareTweetShare
Previous Post

UK Armed Forces engineering students secure laptops with ViaSat hard drive encryption

Next Post

Heartbleed tools often flag false negatives

Recent News

safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023
london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information