Heartbleed: What Do I Do?


You’ve probably read a little about Heartbleed by now and you either understand the details or not. For some additional reading you can visit heartbleed.com. Either way, you are, and should be, worried about whether this is going to affect you directly. The answer: probably. Not all sites and software rely on the security torn open by Heartbleed, but many do. For sites that are currently vulnerable, you will need to confirm that the site owners have fixed the issue BEFORE changing your passwords.

How do you do that? Go to Heartbleed Test or Heartbleed Checker and type in the site you’re worried about, such as your banking site.

If it comes back green it was either fixed or never had a problem. I recommend a password change anyway. You are probably overdue for one.

If it comes back red, check back again later until it comes back green. Then change your password.

I think you’ll find at this point that many sites have fixed the issue, but it can’t hurt to check.

For those who are interested in the related CRA website shutdown from Heartbleed, read this story as well: ctvnews.ca.


What can we learn from Twitter?


With each new breach it’s good practice to find a takeaway that can serve as a reminder or new insight. The recent breaches with Twitter, The New York Times and The Washington Post are no different.

Twitter has offered the most transparent account of the breach thus far. Bob Lord, Twitter’s director of information security, offers an extensive explanation in his blog. Lord reveals that the attack was not the work of amateurs nor was it an isolated incident against Twitter. The hackers were clearly targeting other companies and organizations. It was for this reason Lord “felt that it was important to publicize this attack while [Twitter] still gather information, and we are helping government and federal law enforcement… to make the Internet safe for all users.”

The Daily Mail consulted an independent privacy and security researcher for input on the Twitter breach and what can be gained from Twitter being so public about it. Considering the breach impacted a relatively small number of users and how quickly Twitter was able to effectively respond and mitigate the breach, it was deemed well contained.

This reflects the discussions we participated in at the Women in Security Lecture Series recently. Namely, that there is a clear need for more communication between security executives and more learning from each other’s mistakes. Twitter is setting a positive example in how to be transparent in process and sharing details for others to learn from and how to proceed.

Given that it’s now understood that it’s not a matter of if a company will be breached but when, responses like Twitter’s go towards removing much of the taboo and shame associated with a breach. This is the necessary first step towards true sharing and progress.

Severing the communication at an early stage, which Twitter seems to have been able to do, is an essential part of any security plan. As Lord stated in his blog, these attacks were specific and not perpetrated by amateurs. The hackers have gotten sophisticated and the security executive’s plan must evolve to keep pace.

Defence Intelligence’s main service offering, Nemesis, is able to add that layer of protection. Many security executives rely on Nemesis as the extra layer that will protect their network from breaches. Nemesis effectively protects networks by severing communication between the network and the attacker. This allows security groups and traditional security tools the needed time to respond and remediate.

Contact Defence Intelligence today to find out how easily and effectively Nemesis can fit into your current security plan.


Cyber Security Made Easy – Part 4

The topic of creating great passwords has been visited many times by many people, yet it remains relevant and important because common passwords are still too common. As educators often feel the pain of knowledge falling on deaf ears, we beat this horse once again in hopes that one or two new pupils may take heed.

Make better passwords!

When creating your list of passwords, one tip is to ensure your password does not rank as one of the world’s most popular passwords, such as “Jesus,” “Ninja” and “Qwerty.”

You can also visit our previous blog that covers the basics on making passwords more effective. Let’s say that your email password is “whiskers”, the name of your no doubt lovable cat. You can easily keep the familiarity of the password while increasing its effectiveness as a password.

Old password: whiskers
New password: I have loved Whiskers since 2004!

Easy to remember, and vastly more secure than
the original password.  If you can’t use spaces, simply remove them.

Whenever possible, use words and terms which can’t be found in a dictionary. This sounds harder than it is. You can use altered spelling, nicknames, and clues instead of the actual term.

Old password: I love icecream
New password: !love1c3cr3am
You can also visit trusted opinion leaders such as the Canadian site Get Cyber Safe, which highlights:
  • Don’t stay logged into a site; log in each time you visit the site
  • Clear browsing history or cache after online banking and shopping
  • Avoid using a single dictionary word

Or the American site Stop.Think.Connect., which includes:
  • Keep a separate password for each account
  • Make passwords long and strong, including capitals, lowercase, numbers and symbols
  • Limit how and who has access to what you post by using privacy settings on websites, set to your level of comfort
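As an added illustration (not code from the original post), the checker below turns the advice above into a few mechanical rules: reject passwords on a most-popular list, reject passwords made only of dictionary words, and require length plus a mix of character classes. The word lists are small constructed samples; a real check would load a full popular-password list and dictionary.

```python
import re
import string

# Constructed sample lists for the demonstration only.
COMMON_PASSWORDS = {"jesus", "ninja", "qwerty", "password", "123456"}
DICTIONARY_WORDS = {"i", "love", "ice", "cream", "icecream", "whiskers",
                    "have", "loved", "since"}

MIN_LENGTH = 12        # "long and strong"
MIN_CLASSES = 3        # at least three of: lower, upper, digit, symbol


def character_classes(password: str) -> int:
    """Count how many of the four character classes the password uses."""
    checks = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(checks)


def words_in(password: str) -> list:
    """Extract the alphabetic words, lower-cased, for the dictionary test."""
    return [w.lower() for w in re.findall(r"[A-Za-z]+", password)]


def check_password(password: str) -> list:
    """Return the rule violations for a password; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the most-popular-passwords list")
    # Only letters and spaces, and every word is a plain dictionary word:
    # "whiskers" and "I love icecream" fail here, "!love1c3cr3am" does not.
    if re.fullmatch(r"[A-Za-z ]+", password) and all(
            w in DICTIONARY_WORDS for w in words_in(password)):
        problems.append("made only of dictionary words")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if character_classes(password) < MIN_CLASSES:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("whiskers", "I have loved Whiskers since 2004!",
                      "I love icecream", "!love1c3cr3am", "Qwerty"):
        print(repr(candidate), "->", check_password(candidate) or "OK")
```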

Our next blog will cover a list of resources. 
