Editor's News

The Heartbleed story took a major turn last night, as it was revealed that at least two websites have suffered breaches as a result of the vulnerability.   Canada’s CBC news reported that hundreds of Canadians had their social insurance numbers stolen from the revenue website due to the OpenSSL flaw, but it waited until Monday to make it public. “The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the...

Despite claims by the US Government that it was not aware of the Heartbleed vulnerability until it was made public, a news piece has claimed that the NSA knew about Heartbleed for at least two years.   The NSA tweeted a statement on Friday evening, saying that it “was not aware of the recently identified Heartbleed vulnerability until it was made public”. However Bloomberg said that the NSA knew about Heartbleed and regularly used it...

The line-ups for the European Security Blogger awards and BSides London have been announced.   Taking place on Tuesday 29th April at Kensington and Chelsea Town Hall, tickets for the fourth BSides London will be held under the banner of “Connecting People & Agents of All Kinds”.   Following the content for presentation voting process, confirmed speakers include KPMG’s Stephen Bonner, analysts Aaron Finnon and Graham Sutherland and Jericho Forum and Global Identity Foundation co-founder...

Cloud services may be the beneficiary of the Heartbleed flaw, according to DOSarrest CTO Jag Bains.   Bains said that while the magnitude of this event is larger than any previous event, it illustrates how cloud services have been able to significantly reduce exposure for those who use it.   “By concentrating their web technologies to leverage a cloud provider, enterprises were able to focus on whether their cloud service provider were vulnerable or not,...

Thanks should be given to those people who disclose vulnerabilities, not jail time.   Speaking to IT Security Guru, security researcher Joe Grand, who was in the Boston hacker space L0pht as member Kingpin, said that the people who publicly release research should be thanked and treated as beneficial to the community, instead of putting them in jail.   The L0pht was known for finding vulnerabilities in software and reporting them to the affected companies....

Canadian banks are not affected by the Heartbleed bug, according to its representative body.   According to CBC, the OpenSSL flaw is no threat to the bank websites in Canada. The Canadian Bankers Association, said: “The online banking applications of Canadian banks have not been affected by the Heartbleed bug. Canadians can continue to bank with confidence."   “Banks have sophisticated security systems in place to protect customers' personal and financial information, including encryption and...

Bug bounties encourage researchers to be motivated by money rather than pushing for a safer environment.   Speaking to IT Security Guru, Cris Thomas, technical manager at Tenable and former L0pht member Spacerogue, said that the group’s efforts were in an aim to get security right and get things fixed. Asked if he felt that the introduction of bug bounties has made things better, he said he “wouldn’t call it better now”.   He said:...

Vulnerabilities in devices that are not typical hardware or software are often not fixed.   Speaking to IT Security Guru, Cris Thomas who was SpaceRogue in the hacker space L0pht and was appointed as technical manager of Tenable in January, said that the race to find vulnerabilities and earn money has led to security issues being found in technologies where they didn’t exist previously, or where no-one thought to look for them before.   He...

  As part of an effort to make its educational resources available to academia, ISC)2 has launched a Global Academic Programme.   In an effort to help meet the global demand for more skilled cyber security professionals, accredited academic institutions will have access to new resources and support from the CISSP community, with educational resources updated regularly by its members and industry luminaries, the (ISC)2 common body of knowledge incorporates disciplines within information security, software security, forensics...

Entrust has combined its IdentityGuard cloud services into a single platform. Now combining SSL, discovery, smart credentials, PKI and device certificates, the IdentityGuard allows users to go to a common place with different accessible services, according to Jay Schiavo, director of products and markets at Entrust. He said: “This is now a unified platform and the product solution has set the services together and we are responding to request for service. This is a common set...