Venafi Labs Analysis: Hearts Continue to Bleed Heartbleed One Year Later – Vast Majority of Global 2000 Organizations Remain Vulnerable to Cyberattacks Executive Summary – “Using the recently released Venafi TrustNet certificate reputation service, the Venafi Labs team re-evaluated SSL/TLS vulnerabilities in Q1 2015 and found that most Global 2000 organizations have failed to completely… Continue Reading
Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002
Search Results for: heartbleed
FTC- Heartbleed May Cause You Some Heartache
News release: “If you’re thinking “Heartbleed” sounds serious, you’re right. But it’s not a health condition. It’s a critical flaw in OpenSSL, a popular software program that’s used to secure websites and other services (like VPN and email). If your company relies on OpenSSL to encrypt data, take steps to fix the problem and limit… Continue Reading
Search Engine Backed by Internet-Wide Scanning
“Censys is a search engine that enables researchers to ask questions about the hosts and networks that compose the Internet. Censys collects data on hosts and websites through daily ZMap and ZGrab scans of the IPv4 address space, in turn maintaining a database of how hosts and websites are configured. Researchers can interact with this… Continue Reading
Cybersecurity: The changing role of audit committee and internal audit
Deloitte: “Among the most complex and rapidly evolving issues companies must contend with is cybersecurity. With the advent of mobile technology, cloud computing, and social media, reports on major breaches of proprietary information and damage to organisational IT infrastructure have also become increasingly common, thus transforming the IT risk landscape at a rapid pace. International… Continue Reading
Mozilla Cybersecurity Delphi 1.0: Towards a user-centric policy framework
“From compromises of some of the world’s largest corporations, to critical vulnerabilities in widely used open source software, to exponential growth in the number of connected devices and users, the need to proactively design policies and practices to secure users and Internet infrastructure has never been greater. Yet, cybersecurity public policy conversations too often are… Continue Reading
Internet Monitor 2014: Reflections on the Digital World
“Internet Monitor is delighted to announce the publication of Internet Monitor 2014: Reflections on the Digital World, the project’s second annual report. The report is a collection of roughly three dozen short contributions that highlight and discuss some of the most compelling events and trends in the digitally networked environment over the past year. The publication,… Continue Reading
IBM X-Force Threat Intelligence Quarterly, 3Q 2014
Get a closer look at Heartbleed—from the latest attack activity to mitigation strategies – using 2014 mid-year data and ongoing research. IBM, August 2014. “Welcome to the latest quarterly report from the IBM® X-Force® research and development team. In this report, we’ll look at how the Heartbleed vulnerability—CVE-2014-0160, disclosed in April 2014—impacted organizations around the world.… Continue Reading
Forward Secrecy Brings Better Long-Term Privacy to Wikipedia
EFF – “Wikipedia readers and editors can now enjoy a higher level of long-term privacy, thanks to the Wikimedia Foundation’s rollout last week of forward secrecy on its encrypted connections. Forward secrecy is an important Web privacy protection; we’ve been tracking its implementation across many popular sites with our Encrypt the Web Report. And though it may sound… Continue Reading
Gallup – Few Consumers Trust Companies to Keep Online Info Safe
One in five have “a lot of trust” that companies safeguard personal data, by John Fleming and Elizabeth Kampf “Recent incidents such as Target’s security breach, the Heartbleed bug, and eBay’s systems hack have called attention to how much consumers trust the businesses they patronize to keep their personal information safe. That trust currently appears to… Continue Reading
Financial Institutions Directed to Respond to Hearbleed Attacks
Via American Banker: “The Federal Financial Institutions Examination Council said Thursday that it expects “financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the vulnerability.” OpenSSL is open-source software that lets web sites encrypt communications with visitors. A vulnerability has been found… Continue Reading
EFF- Why the Web Needs Perfect Forward Secrecy More Than Ever
“EFF has long advocated for websites to support HTTPS instead of plain HTTP to encrypt and authenticate data transmitted on the Internet. However, we learned yesterday of a catastrophic bug, nicknamed “Heartbleed,” that has critically threatened the security of some HTTPS sites since 2011. By some estimates, Heartbleed affects 2 out of 3 web servers on the Internet. Heartbleed isn’t a… Continue Reading
