News Recap: The White House’s Cybersecurity Secrets

By | May 2nd, 2014|Uncategorized|

White HouseThis week, the White House joined the conversation about the current state of cybersecurity when it shared its policies on alerting the public to threats and vulnerabilities.

According to David Sanger of The New York Times the discussion started when Michael Daniel, White House cybersecurity coordinator, published a post to the White House blog discussing the process for making cybersecurity flaws public knowledge. Sanger writes, “The Heartbleed incident had cast a light on a balancing test the White House has until now declined to discuss in any detail: When should the government reveal flaws that it discovers.”

The Verge’s Jacob Kastrenakes sheds light on the purpose of withholding the news from the public with this quote from Daniel: “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”

Dara Kerr of CNET comments on the government policy saying, “Several government agencies have put together a set of principles they use when deciding whether to disclose vulnerabilities. If the government does decide to keep a security flaw secret, it goes through a series of questions about why it made that decision, including the possible risk, exploitability, and reach of the bug.”

Jon Fingas of Engadget lends perspective to any critics of the NSA’s policies with an additional comment from the White House on the matter; “The White House… has a vested interest in speaking up when possible; it suffers like everyone else if critical infrastructure goes down, after all. It’s at least clear from the statements that the government doesn’t make its choices lightly.”

Is the government doing the right thing by keeping cybersecurity flaws a secret? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Interactive Cyberthreat Map by the Kaspersky Lab

By | April 11th, 2014|Uncategorized|

MapWhile many dedicate their careers to spreading the word about cyber security, this week’s news about the Heartbleed vulnerability has put cyber security in the spotlight, giving the world a new found perspective on just how susceptible the Internet can be.

Farhad Manjoo of The New York Times said “the bug known as Heartbleed… is a stark reminder that the Internet is still in its youth, and vulnerable to all sorts of unseen dangers, including simple human error.” He compares the technology industry with other industries that saw rapid growth, but remarks that the tech industry is ultimately unique and will require additional efforts beyond regulation and industry-wide cooperation. Computer security expert at Princeton University Edward Felten believes that “Heartbleed is further evidence that we don’t have our house in order when it comes to Internet security.”

Help Net Security further discussed the global threat by sharing an interactive map released by the Kaspersky Lab. The interactive cyberthreat map visualizes cyber security incidents occurring worldwide in real time. Help Net Security showed how the map detects and monitors a variety of malicious objects across the web, and comments, “In today’s world of cyberthreats, it only takes a few minutes to spread new malicious applications or spam.”

CNET’s Leslie Katz explained how the interactive map works:

“You spin the 3D globe using a mouse and zoom in or out with a scroll wheel. Click on a country, and you’ll see the number and type of threats detected there since 12 a.m. GMT and the position that nation holds on the world’s “most-infected” list… Different types of threats tracked by the Kaspersky Antivirus and Internet Security Multi Device software shoot around the map like colored lasers. Viruses found in email appear as orange, for example, and yellow represents malicious executable files.”

Does this interactive map help consumers visualize how fast threats move across the globe? How can businesses use this interactive map for security purposes? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Customer Alert: Heartbleed SSL Vulnerability

By | April 9th, 2014|Uncategorized|

heartbleedOn the morning of April 8, 2014, the OpenSSL community revealed a security vulnerability in recent versions of the OpenSSL software. Dubbed Heartbleed, the vulnerability poses a serious security concern because cyber criminals could exploit the vulnerability to expose site users’ Personally Identifiable Information (PII).

What does this mean, exactly?

OpenSSL is an open-source encryption technology used by a approximately 75% of web servers. This technology safeguards site visitors who are sharing PII and financial information to make a transaction. Sites that employ OpenSSL are typically indicated with a lock icon and live at an HTTPS address. In other words, an OpenSLL site may be at the core of your business, and you probably use sites that incorporate this technology daily.

How do I mitigate risk?

The only way for businesses to avoid Heartbleed is to upgrade their site with the latest, patched version of the OpenSSL software, which addresses the vulnerability.

CSID customers should be assured that CSID has done this to its servers, and strongly recommends that they take the same action and immediately renew their SSL Certificates used with CSID services. As an additional security precaution and due to the breadth of this vulnerability, CSID joins other security professionals in recommending that businesses patch any instances of OpenSSL in their environments, and renew any SSL certificates immediately.

Further details surrounding the Heartbleed vulnerability and its disclosure can be found here.

Load More Posts