Top 10 Stories

New York Times: The bug known as Heartbleed, a flaw widely replicated in the main system for encrypting consumers’ online data, is a stark reminder that the Internet is still in its youth, and vulnerable to all sorts of unseen dangers, including simple human error. Today’s digital systems are complex and penetrate every corner of our lives. It is impossible to lock them down. “Heartbleed is further evidence that we don’t have our house in...

Hot for security: The Anonymous hacker group announced today that it attacked some 500 Israeli web sites during a coordinated offensive over the Gaza conflict, according to IBTimes.   The cyber-attacks, most of them distributed denial of service, coincide with Holocaust Remembrance Day. Government and administration web sites were targeted most.  

IT Security Guru: Users are being encouraged to change their passwords because of the OpenSSL flaw, but there is no guarantee that sites have been patched. Speaking to IT Security Guru, Thom Langford, director of the global security office at Sapient, said that advice to change passwords was “utterly pointless” and a knee jerk reaction to advise changing passwords on a compromised system as then the new password could be intercepted.    

Infosecurity: Medina Capital, the equity investment firm focused on the IT infrastructure sector, is fleshing out its security portfolio with the purchase of Cryptzone. The publicly traded company offers encryption and identity and access management (IAM) solutions. Cryptzone protects enterprise information assets, corporate applications and other network resources, including Microsoft SharePoint environments. The firm's customers include five companies from the Fortune 50 and various government agencies, which are using Cryptzone for document security, access control...

Errata: Just an update on "HeartBleed". Yesterday I updated my "masscan" program to scan for it, and last night we scanned the Internet. We found 28,581,134 machines (28-million) that responded with a valid SSL connection. Of those, only 615,268 (600-thousand) were vulnerable to the HeartBleed bug. We also found 330,531 (300-thousand) machines that had heartbeats enabled, but which did not respond to the heartbleed attack. Presumably, this means a third of machines had been patched...

CS Monitor: Russian and Ukrainian ground forces are keeping their conventional weapons holstered for now, but it's an escalating shooting war in cyberspace. Ukrainian government computers were hit with 42 separate cyberattacks during the Crimea referendum on March 16, according to media reports. The following day Russian websites were targeted by an even more muscular counterstrike. It's new proof that the world is entering a dangerously unstable and suspicious era, all the more troubling because...

SC Magazine: The Center for Internet Security (CIS) has issued an alert warning about the potential for an increase in attacks on educational institutions. In the alert issued on Friday, CIS said that 'OpSafeEdu,' the latest operation allegedly organized by members of the loosely knit hacker collective Anonymous, may result in attacks on private and public institutions.  

  Wired: How do you avoid becoming the Next Big Retail Breach Target? There are plenty of points — and counterpoints — on the topic. As a cybersecurity professional who has specialized in compliance with the Payment Card Industry (PCI) Data Security Standard for more than a decade, I have a great deal of thoughts to share. So consider this the first of a five-part blog in which I’ll lend my perspective about the state...

Graham Cluley: Microsoft has temporarily suspended distribution of Windows 8.1 Update, after it was found that it can cause some updated PCs to actually stop looking for future updates. The irony is, of course, that Windows 8.1 Update is a mandatory update, which – as I described yesterday on the Lumension Optimal Security blog – is required if you want to receive future security updates.    

  CBC: The Heartbleed web security bug that's raised vulnerability concerns across much of the web and prompted the Canada Revenue Agency to block access to part of its site Wednesday is no threat to the bank websites in Canada, the group that represents the industry says. "The online banking applications of Canadian banks have not been affected by the Heartbleed bug," the Canadian Bankers Association said Wednesday. "Canadians can continue to bank with confidence."...