Heartbleed -- What Can You Do To Stay Safe?

The following is external content provided as a free resource for blog readers.

The Heartbleed SSL vulnerability is making headlines around the world – and misreporting in the press and online is causing confusion. How can you stay safe and ensue your personal details aren’t leaked?

What Is Heartbleed? Well, It’s Not A Virus

You’ve probably heard Heartbleed described as a virus. This isn’t the case: in fact, it is a weakness, a vulnerability in servers running OpenSSL. This is the open source implementation of SSL and TLS, the protocols used for secure connections – those that begin https:// rather than the usual http://.

This vulnerability – more commonly referred to as a bug – essentially creates a hole through which hackers can circumvent the encryption. Confirmed on April 7th 2014, it occurs in all versions of OpenSSL except 1.0.1g. The threat is limited to sites running OpenSSL – other SSL and TLS libraries are available, but OpenSSL is employed widely on servers around the web. A fix for the problem exists, but this may not have been applied to the websites you regularly visit for secure activities. These might be online shopping, gambling and other adult themed websites or even social networking.

With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf.

Request Free!

Late Night Coffee with Caffeine Security - Week in Brief 04/18 by CaffSec | Technology Podcasts

After much debate, I've decided to host this Friday my very first online radio show!

Topics include:

  • Heartbleed
  • Critical Infrastructure Cyber Security Framework
  • News of the World Phone Hacking Scandal
  • Additional late-breaking security news

Don't miss it, this Friday, 4/18, at 11 PM EDT!

Late Night Coffee with Caffeine Security - Week in Brief 04/18 by CaffSec | Technology Podcasts

DISA Gold Disk FOIA Request Denied

Sad news. DISA has denied my request for the source code to the Gold Disk.

While there were multiple justifications in the letter, the primary justification was that the source code includes licensed proprietary technology, which DISA does not have legal ability to release.

This is unfortunate, but within the law. Since incomplete source code would be useless, I have decided not to file an appeal.