
How ‘Heartbleed’ May Have Infiltrated Every Website on the Internet

Susanne Posel | Chief Editor, The US Independent

The Heartbleed (HB) bug is causing quite a stir because it exposes “end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services.”

According to the Tor Project: “If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle.”

Google, Yahoo, Facebook, Amazon and others have taken security measures and fixed issues to avoid any more problems from HB.

Tumblr said that they did not find evidence of HB or any security breach.

Amazon explained they fixed HB for most of their services.

In Canada, the Canadian Revenue Agency (CRA) closed access to the public for “electronic services” because of HB, stating that they were concerned about protecting “the security of taxpayer information”.

Sites tested and found to be vulnerable include:

• Yahoo

• Kickass

• Flickr

• Slate

• Scoop

• USMagazine

• Price Monkey

• Facebook

• Google

• YouTube

• Wikipedia

• Twitter

• LinkedIn

• Amazon

• Blogspot

• WordPress

• eBay

• Pinterest

• Instagram

• Paypal

• Apple

• Craigslist

• BBC


via How ‘Heartbleed’ May Have Infiltrated Every Website on the Internet – The US Independent.


‘Heartbleed’ encryption bug jeopardizes global Internet security

OpenSSL, a technology used to provide added encryption on an estimated 66% of all servers on the public Internet, has suffered a significant glitch that puts nearly all web protection at risk. Never used an online banking service? This is surely not the right moment to start.

Tumblr, which is owned by Yahoo, made public on Tuesday that it had been hit by the so-called “Heartbleed Bug” and recommended that clients change not just the password for its site but for all others as well. Among those unaffected were Apple, Google, Microsoft, and major e-banking services.

“The scope of this is immense,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi, a Salt Lake City cybersecurity company. “And the consequences are still scary. I’ve talked about this like a ‘Mad Max’ moment. It’s a bit of anarchy right now. Because we don’t know right now who has the keys and certificates on the Internet right now.”

Though OpenSSL may be jargon unfamiliar to the general public, everyone would perhaps recognize the green padlock icon in the address bar of their browser, followed by “https”. This is exactly what provides additional security for the sensitive operations we perform online.

The technical vulnerability was first spotted by Neel Mehta, a security researcher at Google, and a team of security engineers at Codenomicon, a security website that has since created a website with information about Heartbleed.

“Heartbleed is like finding a faulty car part used in nearly every make and model, but you can’t recall the Internet and all the data you put out on it,” comments Jonathan Sander, vice president of research and technology for Stealthbits Technologies, a cybersecurity firm. What was just a programming mistake spread quickly to other computers as OpenSSL was updated on them, opening up plenty of opportunities for the tech-savvy to hack for personal data using simple tools available online.

To tackle the problem, an updated version of OpenSSL has been issued, and sites can use that to fix the bug. In addition to updating OpenSSL, sites will need to refresh many pieces of their security protocols, notably keys and certificates.

Whatever the updates and technical solutions, users are still strongly advised to stay on guard about their own web security and think twice before carrying out any operation online, allowing time to make sure the service is unaffected.

Do not login to Yahoo! The OpenSSL bug #heartbleed allows extraction of usernames and plain passwords!

Change Your Passwords: A Massive Bug Has Put Your Details at Risk

A massive bug affecting much of the web’s encryption technology is uncovered, with sites from Yahoo to Tumblr affected

A newly discovered bug in software supposed to provide extra protection for thousands of the world’s most popular websites has exposed highly sensitive information such as credit card numbers, usernames, and passwords, security researchers said.

The discovery of the bug, known as Heartbleed, has caused several websites to advise their users to change their passwords.

“This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug,” Tumblr wrote in a note to its many users.

“The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.”

Yahoo, the owner of Tumblr, confirms that its users’ passwords have been compromised.

The bug was discovered late last week in the OpenSSL technology that runs encryption for two-thirds of the Internet. The researchers who discovered it said that most Internet users “are likely to be affected either directly or indirectly.”

It was found simultaneously by a Google security researcher and a small security firm named Codenomicon and disclosed Monday night.

Experts are now scrambling to assess the extent of the security breach, because the bug remained undiscovered for two years. Hackers may have exploited it without leaving footprints.

“We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace,” Codenomicon wrote on their newly created website about the bug.

According to several security experts, it is one of the most serious security flaws uncovered in many years.

“Heartbleed is like finding a faulty car part used in nearly every make and model, but you can’t recall the Internet and all the data you put out on it,” Jonathan Sander, vice president of research and technology for Stealthbits Technologies, a cybersecurity firm, told the Los Angeles Times.

The U.S. government’s Department of Homeland Security has advised all businesses using the vulnerable versions of the software to review their servers.

Change Your Passwords: A Massive Bug Has Put Your Details at Risk | TIME.com.


Turkey blocks Google service used to sidestep Twitter ban

Protesters hold placards reading “do not touch my twitter” and “communication right is a basic human right” during a demonstration against the ban on Twitter and against the Turkish government in Ankara on March 22, 2014.

Turkish authorities have blocked the Google DNS service used by the local Twitter community to get around the ban on the social network. The number of tweets, however, jumped 138 percent.

The measure has come as Erdogan starts a final electoral push to stifle rivals who he has described as an “alliance of evil.”

After the ban imposed on Twitter late on Thursday, with Erdogan’s vow to “wipe out” the messaging service, the Turks began using Google’s DNS service to access the social network. The users typed 8.8.8.8 and 8.8.4.4 into their network settings to bypass the ban. Also, these numbers appeared in graffiti on the walls of some houses.

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the internet or a private network. Apart from bypassing blocking, it can be used for faster internet surfing speeds.

The authorities said that Twitter had been banned for a reason, though, saying there are “hundreds of court rulings in Turkey” over Twitter content.

“Twitter has been used as a means to carry out systematic character assassinations by circulating illegally acquired recordings, fake and fabricated records of wiretapping,” Erdogan’s office of public diplomacy said on Saturday.


Also, the social network was “biased,” they stressed.

Twitter was blocked ahead of the March 30 local elections, during the campaigning period.

However, President Abdullah Gul has said that the presidency is in talks with Twitter to reach a speedy resolution to the block on the website in Turkey, Hurriyet Daily News reported.

“It is not legally possible to shut down the internet and platforms [like Twitter]” he told reporters in Ankara. “This is of course an unpleasant situation for such a developed country as Turkey, which has weight in the region and which is negotiating with the European Union. Therefore, it will be overcome soon.”


Earlier, Twitter officials expressed hope that full access to the website will be restored shortly, after a lawyer representing the platform met with Turkish authorities in the capital Ankara on March 21, local media reported.


Google, Facebook, Twitter and other IT firms protest against US government’s spying

A coalition of the nation’s leading technology firms joined an international protest Tuesday against the US government’s spying programs, urging more limits on collections of Americans’ electronic data and greater oversight and transparency about the secret operations.

Top executives from Google, Microsoft, Yahoo, Facebook, AOL, LinkedIn and Twitter published a joint statement and sent a letter Tuesday to President Barack Obama and members of Congress. The coalition of tech firms, known as Reform Government Surveillance, urged changes that would include a government agreement not to collect bulk data from Internet communications.

Technology companies expressed outrage last year after media accounts based on leaks from former NSA employee Edward Snowden disclosed that the US and Britain intercept massive amounts of electronic Web metadata abroad from foreign computer users and sometimes from Americans. Executives highlighted their concerns during talks with administration officials about the spying programs, but Obama did not commit to curtailing the NSA’s sweeps of data from the Internet.

The stance taken by the technology firms provided a public boost to “The Day We Fight Back,” a day of protest against the government’s spying operations organized by civil liberties and privacy advocates.

Activists urged Americans to write and call members of Congress in protest. By midafternoon, “The Day We Fight Back” claimed backers had sent 104,000 emails and made nearly 50,000 calls to Congress.

“Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information,” said Facebook CEO Mark Zuckerberg in a statement on the Reform Government Surveillance website. “The US government should take this opportunity to lead this reform effort.”

The civil liberties groups, which include the ACLU and the Electronic Frontier Foundation, are trying to mirror the success that activists had in 2012, when a similar protest effort helped derail two major anti-piracy bills in Congress.

The organizers oppose a bill sponsored by Senate Intelligence Committee chairwoman Senator Dianne Feinstein, that would codify and provide legal underpinnings for many of the NSA’s current operations.

“The Day We Fight Back” movement prefers a bill co-sponsored by Senate Judiciary Committee Chairman Senator Patrick Leahy, that would end the bulk collection of phone records and restrict sweeps for electronic and other data.

The Reform Government Surveillance coalition urged the US and other governments to “codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances.” The group also called for strong “independent” court review that includes “an adversarial process.”

Obama has committed to the involvement of a panel of public advocates in some proceedings of the secretive Foreign Intelligence Surveillance Act court, which oversees electronic spying operations. But under Obama’s proposal, the advocates would have limited ability to intervene.

During a White House appearance Tuesday with French President Francois Hollande, Obama said his administration is “committed to making sure that we are protecting and concerned about the privacy rights of not just Americans, not just our own citizens, but of people around the world, as well.”

White House spokeswoman Caitlin Hayden said later that Obama’s plans for limited surveillance changes “help chart a path forward that should give the American people greater confidence that their rights are being protected, while preserving important tools that keep us safe.”

Google CEO Larry Page said on the coalition’s site that the security of users’ electronic data “is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world. It’s time for reform and we urge the US government to lead the way.”

Yahoo CEO Marissa Mayer said the Snowden revelations “have shaken the trust of our users.” She urged Congress to “change surveillance laws in order to ensure transparency and accountability for government actions.” The remarks by Zuckerberg, Page and Mayer were echoed by statements from Twitter CEO Dick Costolo, AOL CEO Tim Armstrong, Microsoft General Counsel Brad Smith and LinkedIn General Counsel Erika Rottenberg.

In addition to its Reform Government Surveillance supporters, the protest effort was also backed by other tech firms, such as Tumblr, Mozilla and Reddit. The day-long protest claimed support from more than 6,000 web entities. But, conspicuously, Verizon and AT&T, two major US phone service providers that turn over bulk customer data to the NSA every day, did not join in.

The tech coalition also hired a lobbyist to handle the group’s interests in Washington. The Washington lobbying firm Monument Policy Group LLC filed a formal lobbying registration last week with Congress, citing the coalition as its client.

AP

Google becomes the world’s second-largest listed company

Google has become the world’s second-largest listed company after Apple, following a rise in its market value on the New York stock exchange that took it past the market value of the US oil group Exxon Mobil, which had held that position.

The market value of the US internet giant Google reached $394 billion at the close of trading on the New York stock exchange yesterday, Monday, February 10, exceeding for the first time the market value of Exxon Mobil, which stands at $388 billion, while Apple tops the ranking by a wide margin, with a market value of about $472 billion.

Google’s market value had exceeded Exxon Mobil’s for a time during Friday’s trading, but Monday’s session was the first ever to close on such a result.

Like other US oil companies, Exxon Mobil has seen its share price decline since the start of the year, and this trend continued on Monday, with the giant US oil group’s share losing 1.17% of its value to close at $89.52, bringing the cumulative losses for this share since the beginning of the current year to 11.5%. By contrast, Google’s share has been on an upward path for years, and its price doubled in mid-July 2012. Although Google’s share price fell 0.38% during Monday’s session to $1,172.93, this price remains at one of its historic levels.

Russia Today: http://arabic.rt.com/news/650967/

Google becomes the world’s second-largest listed company – RT Arabic.

Privacy groups ask FTC to check tech firms’ link to NSA | TechHive

Several advocacy groups are calling for an investigation into Internet companies Yahoo and Google whose networks were secretly accessed by the National Security Agency (NSA).

In a letter sent last week, the groups asked the U.S. Federal Trade Commission (FTC) to find out how the NSA could extract so much data without the knowledge of Google and Yahoo.

“The Commission should pursue this investigation because it routinely holds itself out as the defender of consumer privacy in the United States,” the authors said. “It is inconceivable that when faced with the most significant breach of consumer data in U.S. history, the Commission could ignore the consequences for consumer privacy.”

The letter, signed by officials from the Electronic Privacy Information Center, Privacy Rights Clearinghouse, Center for Digital Democracy, and other organizations, follows recent reports that the NSA gained access to millions of consumer records by secretly tapping directly into data streams from major Internet companies.

The reports prompted fresh concern about NSA surveillance activities and the privacy of data being held by the world’s largest Internet companies.

Firms deny compliance

Google, Yahoo, Microsoft and others have insisted that they divulge consumer information to the NSA and other government agencies only under appropriate court orders. Each has denied providing any help to the NSA and other spy agencies gathering data on Internet users.

In fact, in a court filing last week the companies demanded that the government release more information about the kind of data that Internet companies are being asked to provide the NSA.

The letter from the privacy groups stands out because it seeks to hold Google and Yahoo responsible for the NSA’s data collection activities because of a lack of network security controls.

“We are saying that the companies should do more to protect the privacy of user data and that the FTC has a responsibility to police these practices, particularly since both Google and Facebook are subject to consent orders concerning privacy,” said Marc Rotenberg, executive director of EPIC.

Rotenberg said consumer privacy groups have long urged Internet companies to adopt better privacy and security practices to safeguard the information they collect. He noted that privacy groups have asked Internet companies to minimize data collection when possible and to delete unneeded data.

Therefore, Internet companies must be held responsible for breaches of data they store, he said.

A Google spokesperson wouldn’t comment on the letter. Yahoo didn’t respond to a request for comment.
