The Heartbleed Can’t Stop Bleeding

image

Does it really have to be this way? Once you get a visit of a serious cyber threat, you always have to be on alert. Why can we do it this way? We have identified a new security menace. We will find a cure for it. Now, let us forget about it, and get back to our work. With no fear that a certain malware can trouble us in the future.

Unfortunately, we have to accept the bitter IT destiny. Every now and then, the notorious Heartbleed is to remind us that it is far from retiring. How much more we have to bleed, to be finally free from the Heartbleed, once and for all? It seems that we need more unpleasant reminders, such as this one.

For what is worth, the Chinese Heartbleed warriors are responsible for the unparalleled theft of more than 4,5 million personal patient’s data from one of the largest US hospital chains. Can you imagine that? It is almost like a small state. Now, they can do whatever they want it with no limitations.

When you hear or read something like this, it makes you wonder. What is happening with all those busy little IT security bees in large systems? Have they forgotten to do their job? Or, maybe they think that things like this happen to someone else avoiding them? We are sick and tired of the Heartbleed. How about you?

Spying On A Spy?

image

So, what do you think about this picture? This a nice looking Greenpeace and a bunch of other similar organizations and activists balloon, which is floating over the NSA’s data facilities in Bluffdale, Utah. Why? Well, to draw our attention with the simple sign: The NSA – Illegal Spying Bellow.

How can they do such a thing? Is it illegal? The NSA can call a couple of fighter jets to blow it away from the sky. Yet, here it flies, making itself to be an outstanding object for making fantastic pictures. Can this one change something or is it going to end up its purpose in annoying the NSA guys?

Well, this is hard to say for certain. The main thing is that we are talking and thinking about what the NSA is doing to and with us. And, hopefully something good will come out of it. So, this can easily turn out to be a balloon of hope. However, we should hold our horses with this one and be realistic.

It takes more than one balloon to teach some discipline the guys in the black suits from the NSA. And yet, there is a strong hope that the public pressure can be strong enough to really turn the tide one day. Until then, we will launch balloons, write letters, make movies, and something new you come up with.

Jailbreak One More Trouble To Make

image

If you have second thoughts about jailbreaking your iPhone, after reading this post, you will definitely leave the things just the way they are. One serious rumor has it that AdThief IOS Malware has its origins in China. On the other side, this malware has an extremely specific goal to achieve.

It steals ad revenues. You do not have to be a rocket scientist to figure it out that this malware switches the recipient address of ad revenues. The things are pretty much serious in this matter. More than 75,000 infected devices and more than 20 million stolen ads. Is this impressive or what?

On the other hand, we have to admit that this malware is not necessarily bad from the user’s point of view. What this has to do with us? Yet, it is only a matter of time before the Chinese hackers realize that they can do some additional account’s IDs and recipients switching. We can be affected next.

We should also hold our horses and do our very best not to exaggerate the things. The main thing is that we can identify a certain cyber threat. The next move is to find the adequate answer for it. We sure hope we will not have to wait too long for the efficient cure. Poor old advertisers. Do you feel sorry for them?

Facebook Inaugural Internet Defense Award

image

Finally, someone has realized that there is no such a thing as a bad investment in IT security. Finally, some positive news from the Facebook’s kitchen after the troubling series of events associated with the privacy controversies. This is what we need. A little bit of both to improve our IT security.

We need contests with prizes and bug bounty programs with awards. Facebook has generously awarded two German researchers with $50K for their paper “Static Detection of Second-Order Vulnerabilities in Web Applications.” The great thing about this news is that Facebook is willing to go to the next level.

The logic with this is quite a simple one. If we can detect these extremely important vulnerabilities, the next thing to do is to find a way to eliminate them successfully. Facebook is looking forward to seeing some additional research in this field. It will also invest some money for it, as well.

It comes without saying that is better to invest time and money in these kinds of IT security researchers, rather than to spy on your own users including all kinds of secret experiments, which threaten our privacy. Our hats off to Facebook for this one. We sure hope this is only the beginning.

Hackers With The Government’s IDs

image

When the government gets its fingers in the hacking field in most of the cases you end up with the cyber terrorism. Yes, we are not exaggerating and that is the right word for it. When you examine the latest statistical data about the most serious cyber attacks, you simply have no other choice then to jump to certain conclusions.

The absolute majority of all cyber attacks in the northern and western Europe comes from Russia. On the other hand, the USA is the favorite destination for the hackers from China. Are these statistics merely a coincidence or a reflection of our seriously compromised political relationships?

For the certain types of hacker’s attacks a very serious IT infrastructure and flawless organization is an absolute must. Are we supposed to believe that our governments have nothing to do with these, and they are completely unaware of what is going on in the cyberspace? We are not that naive.

The hackers with the government IDs and the state’s blessing are our everyday’s reality, like it or not. We sure hope we will not be lost in the unprecedented hypocrisy where we condemn while stimulating at the same time the same type of cyber crime and attacks.

Hacking The Ghost Plane

image

This one you may find a little bit hard to digest. It seems that a group of Chinese hackers attacked the Malaysian Airlines HQ and stole the confidential data about the missing MH370. What in the world they plan to do with this kind of information? Are they going to sell it eventually?

Maybe, the Chinese hackers are eager to solve this mystery on their own? And, this is how you end up easily in the conspiracy labyrinth. Can you hack an airplane and blow it away from the sky? What if someone tries to cover his tracks with this quite unusual hacking activity?

When you ask these kinds of questions, you simply cannot avoid a situation of ending up with the bitter taste in your mouth. Is there some kind of a cyber curse over the Malaysian Airlines? What they need to change all of that? Well, they have to restore our trust as the top priority, that is for sure.

Keep an eye on the Net, will you? Maybe, we will have an opportunity to see some of the top secret unpublished data about one of the greatest missing airplane mysteries in the modern history. Who knows, the Chinese hackers can easily turn out to be truth seekers just like the rest of us.

Oops, the UPS Got Hacked!

image

No wonder, we have a serious problem about convincing ourselves that we are supposed to feel safe. If the dinosaur system such as the UPS can be hacked, then what can we expect to happen with the other less sophisticated and considerably weaker defended systems? This one makes you wonder.

To make things, being even worse in this situation more than 50 UPS stores in 24 states had some serious issues with the IT security. As a result one percent of all users are very likely to experience some kind of troubles and inconveniences in the future, this way or another. One percent, one may say.

It is not such a big deal. Well, as a matter of fact, it is a gigantic deal. When you have hundreds of millions of users, then even one percentage can be a reason for a serious headache. The guys in the UPS headquarters have plenty of time to discuss what went wrong and eventually why.

Would that be enough? Well, when the gigantic systems fail, then we accept to evaluate our current IT security systems with the highest attention possible. Maybe, some good things will come out of this one, eventually. We sure hope we will not have to wait too long for that. Oops, my dear UPS.

FinSpy Don’t Cry For IOS

image

The busy little bees from the Gamma Group has come up with an intriguing report. They have used something called the FinSpy to test the malware resistance strength of Android, IOS, BlackBerry, and some older versions of Windows Phone. The results? Well, they are both interesting and controversial.

It seems that the FinSpy was able to do its dirty work on all of these except the IOS. To be honest, even iPhone could not resist the true force of its malware dark side. However, this malware was able to penetrate iPhone’s only when it was in a so-called jailbreak mode. Intriguing enough, isn’t it?

On the other side, we do not want you to get the wrong impression that with an iPhone is nothing to worry about. The SpyFin is the legitimate cyber weapon used by the government agencies. Every iPhone has an open secret backdoor, which is more than enough to keep you restless about your privacy.

Our word of advice is, do not trust to results published by numerous surveys. Do not even trust your own smartphone. As a matter of fact, you should follow the golden NSA rule. If you have nothing to hide, then you have nothing to worry about. It’s really that simple. For your own good, do not be stubborn about this one. Will you?

Ex Workers + Current Access = Future Troubles

image

At the very core of every major serious cyber trouble, there is and always be a human related factor or error. Would you be so kind to write down this simple rule a couple of hundreds of times, for your own cyber well-being. Here is something to include in the field of corporate IT security.

You will be surprised to find to which extent ex-employees still have limitless access to almost all of the companies IT infrastructure. In the absolute majority of all cases the people in charge of HR or IT administration are simply lazy to do all what is necessary. Do not jump to the wrong conclusions.

We are not saying that as soon as you leave your company, you will become a vigilante hacker. Yet, who is stopping you to take an advantage of the situation. It is almost impossible to resist when you have a chance for some payback to a company, which fired you in the worst possible moment.

Just as you are required to clean your working desk, someone also has to clean your cyberspace after you. Eventually, the last thing you need is to be blamed for some hacker’s attack on your ex-company, which used your old data. Let bygones by bygones, focus on a new job and new passwords. Right?

Manchester United vs iPad

image

For the sake of all of us, let us be a little bit more precise with this one, shall we? Manchester United has nothing against Apple. They just do not want you to carry your iPad into Old Trafford. In addition, you are not allowed to carry any of the “large electronic devices” with you during the games.

The funny part about this story is that you are allowed to use your smartphone, but not a tablet while the football match is on. Why? Well, it is very likely that the club’s management has realized that something like that would be the mission impossible, literally. So, what now?

Enjoy in your favorite football moments without your tablet. There is a concern that the football fans could record the matches by using their tablets. Yet, they could do the same with their smartphones. Right? It is really hard to find a logical reason for a drastic decision such as this one.

It is a simple and well-known fact that there is no device in the world, which can give you the true feeling and excitement of the live attendance to the football games. That is why this fear of huge sized gadgets seems almost as it is a bad joke. Let us wait and see what will happen with tablets and football, shall we?