Heartbleed is a very serious issue, and getting the word out to all affected parties is necessary, but I am starting to think that the press coverage, with all its hype and incorrect statements about issues surrounding the problem (such as "change your passwords immediately!" before the servers are patched, and "Heartbleed related certificate revocation will slow down secure surfing") has, at least to some extent, become counter-productive.
He explained the hackers took advantage of the fact that Franklin, Tennessee-based CHS, used products made by Juniper, a firm that makes hardware and software to manage computer networks.
Like many of its competitors, it took Juniper several weeks to patch all its affected code after the Heartbleed alert was issued.
Sigma_Orionis wrote: A couple of years ago, I remember posting about a company that was supposed to be considered the "gold standard" for non-password-based authentication RSA SecurID, being hacked,
No, you shouldn't have to choose a Bank or a Hospital or a particular service because of some "Cyber security rating". And no, I have no answers, and No, nothing I say here will make you feel any better or make you change your mind. It sucks, period.
Swift wrote: Sigma_Orionis wrote: A couple of years ago, I remember posting about a company that was supposed to be considered the "gold standard" for non-password-based authentication RSA SecurID, being hacked,
They are who our corporation uses for our security tokens.
SciFi Chick wrote: It seems like, on a scale like this, we're probably dealing with terrorists that would like to cripple us technically, more so than someone who wants to steal $20 out of my bank account. Does that sound like a reasonable assessment?
Swift wrote: SciFi Chick wrote: It seems like, on a scale like this, we're probably dealing with terrorists that would like to cripple us technically, more so than someone who wants to steal $20 out of my bank account. Does that sound like a reasonable assessment?
That isn't my assessment (but what do I know). My guess is that this isn't someone who wants to steal $20 out of your bank account, it's a criminal organization who wants to steal $20 out of millions of bank accounts. Or better yet, sell the information to another organization that wants to do that.
Sigma_Orionis wrote: In this BBC article the author muses using biometrics.
If you ask me, the least bad of all options are passphrases combined with another method, most probably biometrics; security tokens or cards sound like they will be hard to implement on a very large scale.
Sigma_Orionis wrote: Bad year for Secure Communication Protocols all around
Annus HORRIBILIS for TLS! ALL the bigguns now officially pwned in 2014
Microsoft stuff has a bug that at first blush looks very similar to Heartbleed
Patching as I write this, MEH!