15 Apr 2014 @ 12:50 AM 

There has been some growing speculation as to whether the NSA was aware of the Heartbleed vulnerability in advance. The story was raised and reported by Bloomberg, denied in the New York Times, and then sort of questioned again by the New York Times.

But the thing that strikes me the most is a quote from former NSA Head Michael Hayden who is on record as saying:

Some vulnerabilities are such that they marginally (but importantly) weaken a system but exploitation still depended on skills, systems and technologies that few, if any, can match.  If the judgment is what is called NOBUS (nobody but us could do this), the risk management decision is pretty easy.  Of course, that judgment could change over time and still requires continuous due diligence. (Security Current)

Given the ramifications that Heartbleed could potentially have on the fundamental infrastructure of the Internet, if the NSA was involved, I think there needs to be some holding to account.

Posted By: Chief Tech
Last Edit: 15 Apr 2014 @ 12:50 AM

 15 Feb 2011 @ 7:29 PM 

Granted, part #1 of this article turned out to be a little more complex to execute than first reported (don’t believe EVERYTHING you read in a blog!), but this one turns out to be a little more serious.

Reported fairly widely in the mainstream tech-press, this vulnerability permits the retrieval of private data from the iPhone and bypasses any user passcode available. Looking at the process involved, this puts the technique into the hands of someone with mid-level technical expertise (thankfully we aren’t quite at the Hollywood-security model of hitting a few keystrokes to bypass a password prompt).

The following video gives you a good demonstration of the process and for those wanting a little more detail, the technical paper supporting this process can be found here.

Posted By: Chief Tech
Last Edit: 15 Feb 2011 @ 07:32 PM

 28 May 2010 @ 6:28 PM 

First up, let me say: I own an iPhone, I like the iPhone and will probably use one until a smart phone alternative appears that has the application eco-system developed to a level I am comfortable with. I generally fall into the category of smart phone users who use their device as a phone and portable ultra-mini computer.

Now that said, I do have concerns about the security of the device and the way it is slowly creeping into the corporate arena. Take the following link from www.h-online as an example: Vulnerability in iPhone data encryption.

I will let you read the page for yourself, but in brief, bypassing iPhone encryption can be as easy as turning it on! Add this to the amount of personal information that can be stored in 8 GB or more, and I would really recommend changing every password you have if your phone gets stolen, lost or even out of your possession for a matter of minutes.

Coming soon: iPhone in-Security Part #2: adventures with iPhone data theft

Posted By: Chief Tech
Last Edit: 28 May 2010 @ 06:28 PM
