Are your websites secure? The heartbleed bug

TaoPhoenix:
http://www.usatoday.com/story/tech/2014/04/11/heartbleed-cisco-juniper/7589759/

Reports coming in from unconfirmed sources that the NSA has been utilizing Heartbleed for years.

Of course, I have to say I totally saw this coming. This is the kind of massive security breach that would explain their uncanny ability to get into any system anywhere at any time. A simple exercise in spreading disinformation to seed people's trust in the affected library and cover up the flaw would allow them to preserve it for so many years unnoticed.

Which means that all those people concealing their activities using SSH, Tor, and proxies? Yeah. The NSA was way ahead of them.

-SeraphimLabs (April 11, 2014, 03:21 PM)
--- End quote ---

Yeah, just last year we were talking about the Agencies "looking dumb". How many Cheshire Cat levels does it take!? Look Dumb/Be Smart/Look Dumber/Be Smarter...

So if all those Tor/proxy tips never mattered anyway, then I guess I saved myself a chunk of time "just being dumb"...

Stoic Joker:
Missing link from Apps article above added here to encourage reading: What Happened When One Man Pinged the Whole Internet.

This is precisely why I've always had a dim view of encryption. All of these systems are exposed to the internet solely because people are led to reflexively think Encryption =  :-* Magical  :-* Security ... And that is just so far from the truth that it is laughable. Encryption is - or rather should be - a last ditch effort used as a fall back after all other measures have failed. It never has been, nor ever will be, a front line solution to jack shit.

Outside of a dire emergency requested by scheduled appointment there is no rational justification for control systems to be exposed raw on the public interface of a network. That's just ludicrous. Here's an example: When the support people at WatchGuard wanted to access a customer's router to assist with an issue, they asked me to grant access to the configuration interface of the router on the public side to a specific and very narrow address range so they could log in and have a look see. Nobody kicked anything wide open, the interface went from zero allowed, to 10 allowed, and then right back to zero. This is one of many reasons I've become a fan of WatchGuard. The fact that I had zero luck Socially Engineering my way past their support staff (and I'm really good at it) was also a huge point in their favor.

Deozaan:
Missing link from Apps article above added here to encourage reading: What Happened When One Man Pinged the Whole Internet.
-Stoic Joker (April 12, 2014, 08:57 AM)
--- End quote ---

As best as I can tell, that article is almost a year old. And it says "In February last year" which would place the "personal census" he ran in February 2012. Why did he sit on that census for over a year before publishing his results?

Scary, either way.

Stoic Joker:
Missing link from Apps article above added here to encourage reading: What Happened When One Man Pinged the Whole Internet.
-Stoic Joker (April 12, 2014, 08:57 AM)
--- End quote ---

As best as I can tell, that article is almost a year old. And it says "In February last year" which would place the "personal census" he ran in February 2012. Why did he sit on that census for over a year before publishing his results?

Scary, either way.
-Deozaan (April 12, 2014, 12:38 PM)
--- End quote ---

His attorney probably wanted him to wait to see if any of the LEOs' "complaints" turned into charges before he posted what would then be incriminating evidence to the world. Remember the security of the public is far less important than a cop with egg on their face ... Image is everything in a gang...

Renegade:
http://www.usatoday.com/story/tech/2014/04/11/heartbleed-cisco-juniper/7589759/

Reports coming in from unconfirmed sources that the NSA has been utilizing Heartbleed for years.

Of course, I have to say I totally saw this coming. This is the kind of massive security breach that would explain their uncanny ability to get into any system anywhere at any time. A simple exercise in spreading disinformation to seed people's trust in the affected library and cover up the flaw would allow them to preserve it for so many years unnoticed.

Which means that all those people concealing their activities using SSH, Tor, and proxies? Yeah. The NSA was way ahead of them.

-SeraphimLabs (April 11, 2014, 03:21 PM)
--- End quote ---

What this shows is that the NSA is a blackhat, criminal organization.
