About Over 50 Articles Library

RETURN TO LIBRARY INDEX

Content: Services - Computer

Computer Security No 43: Cloudbleed - Oone of the worst data leaks in the last few years

Corporate - Private Computer Security

Cloudbleed - one of the worst data leaks in the last few years

About Over 50 Cloudbleed One of the worst data leaks in the last few years

Cloudbleed is the security bug discovered on 17 February 2017, affecting Cloudflare's reverse proxies.

The content delivery service provider (Cloudflare) leaked sensitive information (passwords, HTTP cookies, authentication tokesns and other sensitvie data) from millions of websites.

The webcrawlers used by Google and other search engines cached this data by accident.

A security researcher at Google discovered chunks of uninitialised memory interspersed with valid data, originating from Cloudflare.

To check if your domain was affected, go to: cloudbleedcheck.com

The Internet of Bad Teddybears

About Over 50 Cloudbleed One of the worst data leaks in the last few years

Internet connected toys prove to be a very bad idea...

Spiral Toys, maker of the CloudPets line of stuffed animals was producing toys that could record and play voice messages and then made them available to be sent over Internet by parents and children.

Its MongoDB database of 821,296 records was stored by a Romanian company mReady.

The poorly protected data was leaked and accessed since late December by multiple parties, including criminals who ultimately held the data for ransom. The recordings were available on Amazon-hosted services that required no authorisation to access.

Evidence left by the ransom crooks made it almost certain that company officials knew of the intrusions, yet did nothing to stop them.

Sadly, people don't learn or know the history:

- VTech is a toy maker hacked in 2015 - over 5 million adults details and over 200,000 kids details were exposed

- Same year, an Internet connected Barbie doll made by Mattel was also found containing vulnerabilities that could allow hackers to intercept real-time conversations.

To read more: arstechnica.com/security

The war of the giants

About Over 50 Cloudbleed One of the worst data leaks in the last few years

Google disclosed unpatched Microsoft Edge and IE Vulnerability.

Google released the information late February as Microsoft did not act within its 90-day disclosure deadline. This time, the researcher who discovered the bug also published the "proof-of-concept Exploit" that can crash Edge and IE.

Affected: Windows 7, Windows 8.1 and Windows 10 users.

Two more bugs were discovered: Windows SMB flaw (Affected: Windows 8, Windows 10 and Windows server) and the vulnerability in Windows Graphics Device Interface (Affected: Windows Vista service pack 2 to the latest Windows 10)

Safety advice: Windows users are advised to replace their Internet Explorer and Edge browsers with a different one if possible and avoid clicking on suspicious links and websites they do not trust.

SHA1 is dead! Is your website affected?

About Over 50 Cloudbleed One of the worst data leaks in the last few years

At a high level, SHA-1 is an algorithm designed to ensure that the websites you visit are protected from impersonation. So when you go to /www.amazon.com, you know that you are visiting the real Amazon, and not some imposter looking to steal your credit card number.

Important to note is that SHA-1 is not the same as SSL, but is a part of the overall process which identifies the websites that are safe to visit and give your sensitive information to.

And not only is an encrypted connection vital for safe interaction on the web, but a secure site (https://) is also ranked more highly by search engines like Google.

The problem is that the SHA-1 algorithm, which has been shown to be vulnerable to attacks, was finally cracked by Google last week.

If you want to verify if your website is using SHA1 go to (this is not a typing mistake): https://shaaaaaaaaaaaaa.com/

To learn more, please read: http://blog.near-me.com/sha1-is-dead-securing

Cyber Security & Privacy suite for Directors and Executives

About Over 50 Cloudbleed One of the worst data leaks in the last few years

On 13 Feb 2017, legislation passed through the Australian Parliament which will establish a Mandatory Data Breach Notification scheme. This gives Australian companies one year to get ready and ensure that a cyber strategy, processes and tactical plans are in place.

Recent lawsuits against directors worldwide, claiming negligence, lack of due diligence and/or duty of care (Worldwide Corporation, Target US, etc) highlight the need for directors to take immediate action.

The fact that 60% of organisations go out of business within 6 months of an attack and that the average cost for a breach is $4m illustrate the significance of this threat.

Are you prepared to discuss cyber at Board level? Are you aware of your obligations and defence as a director or officer of the company? Have you taken the necessary steps to mitigate the consequences of a cyber attack?

ABG offers the Cyber suite of course modules:

-Cyber threats and defences Module - Tactical plans

-Directors and Officers Module - Strategy

-Risk Management Workshop for Cyber

-Cyber Crisis simulation

Jokes

Memories of jokes

About Over 50 Cloudbleed One of the worst data leaks in the last few years

About Over 50 Cloudbleed One of the worst data leaks in the last few years

Have a good and cyber-safe weekend!

Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au

RETURN TO LIBRARY INDEX

 

© About Over 50s 2017             website by aml websites online