It's now just over a week since news of the Shellshock bug broke and analysts are still trying to work out just how much of an impact it could have.
Security specialist Incapsula has been tracking the vulnerability to get an idea of its magnitude, looking at the number of sites attacked and the damage caused.
There are always plenty of security concerns furrowing the brows of IT professionals, but a survey shows that it is ransomware that is causing the biggest headaches at the moment. The survey, carried out by Spiceworks and published by Webroot, found that 88 percent of professionals had concerns about ransomware, while one third of those questioned had dealt with a ransomware attack first hand. By far the most common strategy for dealing with a device that has been maliciously encrypted is to simply wipe it.
Two thirds expect the number of attacks to increase in the next year, which is particularly concerning when you consider that two thirds of IT professionals know someone who has been affected by ransomware. Despite the threat and attempts to thwart the flow of ransomware with filtering, firewalls, and email scanning, just 44 percent believe their current security setup is "somewhat effective".
Facebook is no stranger to controversy, nor is the social network unfamiliar with upsetting its users. It seems as though Zuckerberg's baby has been hitting the headlines for all the wrong reasons lately, and it's not all that long since users vented their fury after it was revealed that their newsfeeds had been manipulated in the name of research. Now the social network says that it was "unprepared for the reaction the paper received when it was published and have taken to heart the comments and criticism" and is now implementing new user research guidelines.
"There are things we should have done differently" may seem like something of a half-hearted admission that mistakes were made, but it's the second semi-apology from Facebook this week. Research into how people use the social network will still continue, but Facebook now says "we want to do it in the most responsible way." So what does this actually mean?
October is National Cyber Security Awareness Month (NCSAM) in the US and security company Secunia has marked this by issuing its latest Country Report assessing the state of security among PC users.
Key findings include that Microsoft’s Internet Explorer, with a market share of 73 percent, had 218 vulnerabilities with 11 percent of installed programs being unpatched and vulnerable. The percentage of users running unpatched operating systems has increased to 12.6 percent, from 11.1 percent in the previous quarter.
Since the Edward Snowden revelations that governments, as well as hackers, were likely to be snooping on your internet activity, it's been widely assumed that there's no such thing as safe online access.
VPN specialist CyberGhost has other ideas and has been seeking funding via Indiegogo for what it calls a NoSpyProxy. The company's VPN already uses AES256 military-grade encryption to protect passwords, bank accounts and other details as well as obscuring locations and IP addresses. It now aims to make things even more secure by placing the data center hardware under the control of an additional layer of security. This will put CyberGhost in control of the whole process from login through encryption protocol, key management and finally also the server itself.
Facebook has issued an apology to "drag queens, drag kings", and the LGBT community for forcing users of the social network to reveal their real names or face having their pages suspended. The social network also bowed to pressure, saying that users will not necessarily have to use their real names in the future. Chris Cox, Facebook's Chief Product Officer, made a statement in an online post that admits the negative response to the policy "took us off guard". Why the sudden interest in real names? It seems that one person may have been to blame.
Facebook caused something of a storm of controversy recently when it forced many users to reveal their real names. Large groups of people were affected by this, but it was a number of drag artists who were most vocal in their complaints -- numerous petitions and campaigns, including #MyNameIs, started up. While it was drag queens who hit the headlines, Facebook's sudden enforcement of its long-standing real names policy also affected performers such as musicians -- fans and friends were confused when seemingly new people appeared in their friend list. Despite the backlash Facebook faced, the social network stuck to its guns, remaining adamant that the policy was here to stay, and dismissing complaints out of hand.
Parents are keen to ensure that their offspring don't access inappropriate material on the web and for that reason most security software providers now offer parental control products, whether as a standalone product or part of an internet security package.
A large proportion of websites are not standalone sites in their own right, but creations based on CMSs such as Drupal, WordPress, and Joomla. This is particularly true for personal blogs, but using a CMS as the basis for a site has been increasingly popular among larger companies. CMSs are used because they allow for articles to be posted easily, make it simple for multiple people to contribute to a site, and allow for different users to be assigned different access rights. They can also be extended through the use of plugins, but these self-same extensions are also a security disaster waiting to happen.
Security experts High-Tech Bridge frequently discover vulnerabilities in extensions and plugins for popular CMSs. It is standard procedure to notify the developer before going public three weeks after the discovery -- this provides an opportunity for the problems to be fixed without alerting others who might exploit it. High-Tech Bridge CEO, Ilia Kolochenko, says that CMS security issues are nothing new:
It seems like data breaches are seldom out of the news these days, but whilst that means we're more likely to be aware of their existence it also means there's a risk that individual threats begin to fade into the general day-to-day techy chatter and we don't give them the attention they deserve.
The growing number of breaches -- up 10 percent over last year according to a recent study by the Ponemon institute -- means they're less likely to catch our attention. Security training firm KnowBe4 refers to this phenomenon as "breach fatigue" and warns that it may be placing companies at risk.
According to data released by security company Trustwave, which has analyzed evidence from almost 700 security breaches that took place in 2013, retail is the most compromised industry, accounting for 35 percent of attacks investigated.
The food and drink industry ranks second on 18 percent followed by hospitality on 11 percent. Perhaps not surprisingly e-commerce is most at risk, making up 54 percent of assets targeted whilst data centers account for only 10 percent. Point of sale breaches made up 33 percent of Trustwave’s investigations.
For an increasing number of celebrities who have seen their nude photos being leaked online, The Fappening will always be a never-ending nightmare, which will come back to haunt them for a long time to come. Once it's online, it stays there, ready for the world to see. Meanwhile, for others it will serve as a source of frequent enjoyment, in no small part thanks to Apple. Its iCloud service appears to be the source of the leaks for most files, and this includes the latest batch, called The Fappening part 3, which just surfaced.
Reddit and 4chan have served as the gateways to the new leaked photos, with download links showing up this past weekend. It's a recurring theme, as the two community forums have been involved in propagating hundreds of such images since The Fappening hit in early September. Threads on the topic have been banned and new policies have been implemented, but, despite these efforts, it is all for naught apparently.
Apple's recently released iPhone 6 is susceptible to the same fingerprint forging attack as the iPhone 5s, according to the latest security research.
Mark Rogers, principal security researcher for mobile security firm Lookout, used techniques which are well-known to police officials and prototypers to access the device.
Apple has admitted that most OS X users have nothing to be concerned about when it comes to the bug that has been dubbed "worse than Heartbleed".
In a statement the firm admitted that it is already working on a software update for advanced UNIX users that repairs the major exploit that can be used by hackers to gain access to connected devices by inserting malicious code into the "Bash" command shell in OS X and Linux.
A worrying new security vulnerability has muscled its way onto the Internet, and world-leading security experts are saying it's even worse than this year's Heartbleed fiasco. Called the "Bash" bug or "Shellshock", the security flaw lies in a computer's shell. This is the user interface used to access an operating system, much like Command Prompt, and the flaw means that many Linux, UNIX, and some BSD systems (including Apple's OS X) are vulnerable. Worryingly, a large percentage of software is engaged in constant interaction with the shell. Consequently, the bug can affect software in a number of different ways.
So what can you do to protect yourself against this frightening new bug, and how can you avoid Shellshock? Well, the answer is basically the same as it's always been. There's no special tool or patch that'll keep you protected from Shellshock. It's just pure, common-sense cyber security.
Ever since yesterday’s news of the Shellshock Bash bug broke, cyber security experts have been lining up to make clear how bad it really is.
Unlike Heartbleed, which affected mainly servers, Shellshock leaves a whole host of systems vulnerable, including Apple OS X systems and many Internet of Things devices with embedded code that’s based on Unix or Linux.