Heartbleed News: Exclusive Interview with the Security Bug


It was bad enough when mega-retail giants such as Sally Beauty, Neiman Marcus and Target were getting hit by random cyberattacks.

Now, with the latest security threat—Heartbleed—rampaging boundlessly, all are at risk; even those that never shopped at the aforementioned stores.

Over the last few days, it has come to light that Heartbleed’s reach extends into systems not normally identified as computer networks.

Thus, its penchant for infiltrating Supervisory Control and Data Acquisition systems (“SCADA” for short) was first unearthed.

So, add industrial computers to the long list of systems affected by Heartbleed’s rampage. It may be a while yet before we learn how deep this rabbit hole really goes…

As long as we are all in the dark about Heartbleed’s depth, it becomes that much more difficult to combat.  What we need is to learn more about the problem itself…

And what better source is there for information on a topic than from the actual threat itself? NetBoundary had the opportunity to sit down with the malicious virus known as Heartbleed (that occasionally refers to itself as “Heart-bizzle”) for a little, ahem, heart-to-heart.

NetBoundary: Hey, what gives? You were supposed to be here over an hour ago.

Heartbleed: Oh yes. Well, normally I just hitch a ride via an OpenSSL but I see you have upgraded to the latest secure version. So I had to walk. Nasty weather here in Texas.

NetBoundary: So, is Heartbleed even your real name?

Heartbleed: (laughs diabolically) No, of course not. That’s just my street name. No one knows my real name… I earned my name by infiltration of the heartbeat extension (RFC 6520) of the TLS/DTLS (transport layer security protocols).

NB: Okay, that’s vaguely interesting. C’mon, we’ve got to know your real name. The people demand it!

H.B.: Did not Benjamin Franklin once say that the process of successful invention is predicated by positive failures?

NB: I don’t follow.

HB: Meaning, learning what does not work gets one closer to understanding what does work…For example, my name IS NOT Ryan Seacrest (diabolical laugh).

Thus, I have successfully narrowed down the possible variables to enhance your chance of selecting the correct outcome. You are welcome.

NB: Isn’t your real name “CVE-2014-0160” ?

HB: (taken aback) How did you find that out?

NB: I hacked it.

HB: That is cute. Look, can we speed this up? I have places to go and passwords to pillage…

NB: Why do you laugh in such a, well, diabolical manner so often?

HB: I did not know there was any other way! (laughs diabolically)

NetBoundary: A Hacker’s Worst Enemy

NetBoundary is an award-winning Managed Security Service Provider (MSSP) that can help make sure your company is secure from cyber threats such as Heartbleed. For more information, call a NetBoundary Tech Specialist today at: 1-800-698-3563

Famous Hackers: Careers After Crime for Cyber Criminals


Oftentimes when discussing hackers, there is little mention of these cyber criminals’ actual names, or whether they were able to leave the life of crime for a legal job.

Here’s a look at some famous hackers, their misdeeds and what they are up to today.

Barnaby Jack

In what could be considered one heck of a party trick, Jack was able to exploit ATMs by inserting malware, enabling the machines to dispense money without a card or account.

He also demonstrated how insulin pumps, pacemakers and heart implants could be hacked remotely. Jack died from an apparent drug overdose in July of 2013.

Kevin Poulsen

This name might ring a bell. Poulsen is currently the editor of Wired, a science and technology magazine. But before turning to a career in journalism, Poulsen was an underground fugitive highly sought by the FBI. Poulsen had hijacked an LA radio station’s telephone lines (so he could be assured he was the 102nd caller and Porsche winner). Later, when he was featured on Unsolved Mysteries, the show’s 1-800 lines crashed for no apparent reason.

George Hotz

Is Your Smartphone Smuggling a Hacker?


How secure is your smartphone?

Smartphones are fantastic. They enable us to peruse the Internet, check our email—and even allow us to communicate with friends without the burden of verbal communication.

But for all the good that goes with gadgets in the BYOD era, there is an increased potential for harm.

Inside that non-pleated pant pocket your smartphone might be smuggling a cyber criminal. Here are some tips to keep your smartphone safe and hacker-free.

Add Security Software

Security software is just as important for your cell phone as it is for your business or home computer, yet many consumers have no idea that it exists. SOPHOS has a free app that offers baseline protection for your mobile device.

QR Codes

From restaurant countertops to business cards, these over-pixelated barcodes are a hacker’s best friend. In many instances, a QR code is an embedded link to a website—masked so that the destination is unreadable to the naked eye. How do you know it’s taking you to a safe site? You don’t. Consider downloading Norton Snap, which works as a QR decoder ring and lets you decipher the link to check it for safety.

Turn off automatic Wi-Fi


PCI DSS v3.0: FAQs and Security Basics


PCI DSS recently implemented a new and improved guideline for compliance. However, many business owners are still in the dark with regard to PCI DSS as a whole. Here is a quick refresher covering some of the basics about the policy and how it works.

PCI DSS—The Basics

What does PCI DSS stand for?

PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS functions to protect the consumer’s sensitive data, particularly during POS, ATM, and all credit/debit card transactions.

What year was PCI DSS first implemented?

On December 15, 2004, the Payment Card Industry Security Standards Council (PCI SSC) was formed to lay down the guidelines for a policy. The original version was put in place in September of 2006.


EzFIM Pro: Cost-Effective Hacker Prevention Software


BlackPOS was the malware linked to the Target and Neiman Marcus cyberattacks.

“Hindsight is 20/20.”

This popular phrase explains that knowing what has happened is easier than trying to explain what was going to happen.

Everyone makes mistakes, and there is always value in learning from them. However, one key to a business’s success is to avert the grand miscues altogether.

You have to wonder how many times Neiman Marcus CEO Karen Katz and Target Corporation CEO Gregg Steinhafel have thought about the importance of damage prevention recently. Smaller companies would have been forced out of business altogether had they made the same mistakes.

By refusing to have the proper security measures in place, these retail magnates have caused close to 100 million customers to ponder some popular phrases of their own. You don’t need to be the CEO of a multibillion-dollar firm to understand that your company’s most important commodity is the consumer.

The Culprit


Macs Don’t get Viruses and 6 other Information Technology Myths


You are probably familiar with a long list of Urban Legends.

Like the one involving Pop Rocks and a soda? Or maybe the one that has nothing to do with candy, but everything to do with a dark road and a dude with a hook for a hand.

Legends, myths and fantasy all make for a great narrative and powerful storytelling, but they should never be taken at face value.

Did you know that even in the world of Information Technology, where logic should reign supreme, there are multiple myths still at play? Here’s a look at some of the most popular.

Macs don’t get viruses

I’m not sure who started this rumor (probably a Macintosh employee) but it is far from the truth. MacBooks and all other Apple computers DO get viruses.

Since most people use PCs rather than Macs, there are more instances of viruses among non-Mac users. Mac users need antivirus too.

BitTorrent is illegal


Top 5 Mistakes Business Executives Make on a Consistent Basis


Sometimes the biggest mistakes are made by one wrong decision.

It is never too soon to enhance your company’s success. There is no better time than the dawn of a new year to ensure your business starts off on the right foot.

If your company has been around for more than 18 months, then you have already outlasted an estimated 80% of entrepreneurial startups.

However, we can often learn more from mistakes and mishaps than we can from profound successes.

Here’s a look at five top mistakes businesses make with regularity—now is the time to benefit from your competitors’ mistakes by not falling prey to the same errors.

5. Using hope as a strategy

Optimism is an excellent personality trait. However, it must be tempered with a strong sense of realism too. Don’t be so overly enthusiastic as to become blinded to a product’s potential problems. Understand when a product or promotion isn’t working and accept the initial challenge of making it succeed. Not all new ideas will be slam dunks for success. Understand when to pull the plug.

Target and Neiman Marcus Hacked: Could Poor Credit Card Security be to blame?


The Chip and PIN model of security is safer than the old swipe-and-sign.

Just a few short weeks after the Target security breach made national headlines, another United States retailer has succumbed to a cyber attack.

Dallas-based Neiman Marcus announced recently that they too fell prey to a cyber criminal’s attack—one that may leave as many as 20 million customers’ bank accounts in danger.

The method used to glean customers’ personal information—such as credit card numbers, passwords, etc.—is near identical to the Target fiasco.

Anytime a debit or credit card is swiped through a point-of-sale (POS) device, the information is ripe for nefarious removal if not properly secured.

Outmoded credit card security measures still in use throughout the United States of America make it too easy for hackers.

In the States, the magnetic strip is still the key point of “security.” Would Target and Neiman Marcus have been as susceptible to breaches had the European Chip and PIN model been in use?

Magnetic Strip vs. Chip and PIN

Game Changers: A look back at Top Technological Innovations


The dawn of the iPhone put the BlackBerry to bed.

The New Year is upon us. Not to worry, you still have (by my count) three weeks to write “2013” on your checks blame-free.

Well, that is, if you still write checks. Since we don’t know what the New Year will hold for technological advancements, I felt now was the time to wax nostalgic and take a look at some of the most important inventions of the last 15 years.

TiVo (1999)

As a child growing up in the 80s, you could count on three things: 1. Big hair. 2. Bad clothing and 3. Dad consistently complaining about the abundance of advertisements during The A-Team.

But with the rise of TiVo, you could record your favorite shows and skip through commercials! In theory at least. I never could teach Dad how to use the darn thing.

Microsoft Xbox (2001)

Remember when 16-bit video game consoles—such as the Sega Genesis—were all the rage?

“Dude, it looks JUST like the arcade, man!”
