Heartbleed bug may expose masses of sensitive data

By Danny Yadron

An encryption tool used by a large chunk of the Internet is flawed, potentially exposing reams of data meant to be hidden from prying eyes.

(Have you been affected? Use this tool to check to see if a website you're visiting is open to attack via the Heartbleed flaw. And read this FAQ from the company that discovered the flaw.)

The bug, nicknamed Heartbleed by researchers at Google Inc. and cybersecurity firm Codenomicon, could have affected two-thirds of active websites when it was disclosed Monday, they said.

On Tuesday, website operators, including Yahoo Inc., raced to fix the problem. A Yahoo spokeswoman said the company had made the appropriate corrections. Several researchers said earlier that they had been able to capture Yahoo usernames and passwords.

Many other major websites, such as Google, Amazon.com Inc. and eBay Inc., appeared to be safe, based on a test created by a researcher for cybersecurity company Qualys Inc.

The bug exploits a problem in certain versions of OpenSSL, a free set of encryption tools used by much of the Internet. OpenSSL is managed by four core European programmers, only one of whom counts it as his full-time job. The limited resources behind the encryption code highlight a challenge for Web developers amid increased concern about hackers and government snoops.

Websites increasingly use encryption to mask data such as usernames, passwords and credit-card numbers. That prevents a hacker lurking at a coffee shop from grabbing personal information out of the air as it travels to a wireless router. This type of encryption is called SSL, or secure sockets layer, or TLS, or transport layer security. When a website is using these forms of encryption, a padlock appears with the Web address in a browser.

Web servers that use the affected versions of the code store some data unprotected in memory. Hackers can grab that data, and reconstruct information about users or keys that would allow them to monitor past or future encrypted traffic.

"Anyone can reach out to the Internet and scoop out of the data," said Thomas Ptacek, a researcher at Matasano Security in Chicago. "I can be in my office here. I can be in Estonia."


Internet security flaw puts millions at risk

Internet users have been warned that sensitive information such as passwords and credit card details has been at risk of theft due to a flaw in the internet's most common encryption software.

The bug, dubbed Heartbleed, was in place for more than two years until a fix was announced on Tuesday, and would have allowed hackers to snoop on encrypted information held and processed by up to 500,000 web servers using the software.

Affected websites and service providers were told to install the update as soon as possible, before hackers were able to exploit the now-public flaw.

Tor, the internet anonymity project, said in a statement that users "might want to stay away from the internet entirely for the next few days while things settle".

The flaw was discovered by researchers at the Finnish security firm, Codenomicon.

"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace," Codenomicon said on its website, heartbleed.com.

The breach involves OpenSSL, the most common internet encryption technology which is marked by the small, closed padlock and "https:" on web browsers. The bug meant traffic was subject to snooping even if the padlock was "closed".

The internet company, Yahoo, said its services such as email, Flickr and Tumblr were affected by the flaw, but said it had implemented the fix and there was no evidence security had been compromised.

The company said in a statement on Tumblr: "This might be a good day to call in sick and take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking, which may have been compromised."


How Git redefined open source software development

Apr 09, 2014, 05:00

It's not hard to come up with a dozen different reasons why the rise of open source development has been a watershed event in both the software and hardware industries. All of us can build new web applications faster with our feet firmly planted on the shoulders of jQuery, Bootstrap, and Apache. Languages like Ruby, PHP, and Python power the Internet, and operating systems like Linux and FreeBSD provide the foundation for thousands of companies and services.

But open source isn't just about the free tools we have access to, it's also about the community of developers that will help support crazy new ideas and give them a chance to thrive, grow, and change the world; ideas that would never see the light of day in a closed source world.


Bitcoin Center NYC To Support Wednesday’s CryptoCurrency Convention By Hosting After-Party

New York, NY (PRWEB) April 08, 2014

Bitcoin Center NYC, the city's only brick-and-mortar Bitcoin institution dedicated to the further adoption of Bitcoin, announced today that the center is supporting the one-day CryptoCurrency Convention on Wednesday, April 9th by sponsoring the event's official after-party.

The party will take place at Bitcoin Center NYC starting at 6:00 p.m. on Wednesday, April 9th. It will showcase the live open outcry of bitcoin trading activity of Satoshi Square. Refreshments will be provided courtesy of Bitcoin Center NYC.

CryptoCurrency Convention is a one-day conference that takes place the day after the MediaBistro Inside Bitcoins conference. The mission of the CryptoCurrency Convention is to bring awareness and acceptance to all cryptocurrency and provide the necessary education and exposure for adoption. New York being the financial center of the United States, it is only a matter of time before a live virtual currency exchange becomes a reality.

"If the Internet were its own country, it would have its own currency. Now it does," said CryptoCurrency Convention organizer Teddy Dupay of Florida. "Cryptocurrencies such as Bitcoin are the future, and their possibilities are both endless and unimaginable."

In addition to Bitcoin Center NYC's sponsorship of the CryptoCurrency Convention through holding an after-party, the center's founder Nick Spanos is scheduled to speak at the convention from 2:30-3:30 p.m.

"We're excited to have Nick speak at the CryptoCurrency Convention and want to thank Teddy and digital currency developers and promoters by offering them hospitality," said James V. Barcia, Communications Director for Bitcoin Center NYC. Bitcoin Center NYC often supports Bitcoin's peers by maintaining close ties with Joseph Fiscella of FlorinCoin, Reggie Middleton of UltraCoin, and Payu Harris of MazaCoin, to name only a few such relationships.

Bitcoin Center NYC is also a key supporter of the MediaBistro Inside Bitcoins conference through its sponsorship of the event's Bitcoins Trading Café located at Booth #409.

Event details are as follows. Time is Eastern.

Wednesday, April 9, 2014


Wikileaks: Julian Assange Teases ‘Announcement Relating To The Future Of The Internet’

Representatives will discuss the "principles of Internet governance and the proposal for a roadmap for future development of this ecosystem," and live hubs will be held in 33 cities across 23 nations to allow the public "real time" interactions with the event in São Paulo, scheduled for April 23-24.

Originally: Julian Assange's whistleblowing website, WikiLeaks, said it will make an announcement relating to the future of the Internet on Twitter Tuesday.

The site began teasing the announcement on the social media platform before 10 a.m. EDT. Last April, WikiLeaks published more than 1.7 million diplomatic cables and intelligence documents from the 1970s. Those documents included the so-called Kissinger cables, in which former Secretary of State Henry Kissinger was recorded saying, "The illegal we do immediately; the unconstitutional takes a little longer."

WikiLeaks drew international attention four years ago when it unveiled a video showing classified cockpit gunsight footage of a 2007 Baghdad airstrike.

Assange announced earlier this month that he was writing a major new book, in which he said he would detail a 2011 encounter with Google (NASDAQ:GOOG) Chairman Eric Schmidt. His publisher said that the book, "When Google Met WikiLeaks," includes an historic dialogue between the North and South Poles of the Internet.

The book is scheduled to be published in September, and in it Assange is expected to recall a meeting with Schmidt during his 2011 house arrest, when he argued for the liberating power of the Internet based on its freedom and statelessness -- and Schmidt countered by saying emancipation is at one with U.S. foreign policy objectives and is driven by connecting non-Western countries to American companies and markets, according to publisher OR Books.

This is a developing story. Follow Reporter Thomas Halleck on Twitter for updates @tommylikey
