This is my first post to my new blog, Random Access. The purpose is pretty much to give a summary of some of the major stories involving technology and gadgets. I doubt many of these posts will relate to consumer products, because I'm too poor to care about the new iPhone. Mostly I will talk about things that affect the masses, as you will see in a few lines. I wanted to do this because I feel a lot people see these important topics in passing and may not fully appreciate the impact the event will have on them. Also, and this may be completely false, but I am not sure everybody understands the severity of some of these issues, such as internet privacy, neutrality, and just how true some action movies are. I guess that sums it just about up, but if this becomes a thing that I do, you'll begin to see what I mean.
Zero Days
After that weak introduction we should talk about what the title means. "Zero Days" are the title given to security loopholes that have already been exploited by hackers. They are named as such because developers are unable to prepare or fix the problem before it is compromised. There have been two very large security problems that have surfaced lately, the Hearbleed bug and the IE flaw.
The Heartbleed was a bug within the secured socket layer (SSL) of nearly every major website. It basically works underneath the HTTP you see before every web address. What SSL provides for you while browsing are: confidentiality, integrity, authentication, and non-repudiation. It allows you to form an agreement with whatever ecommerce site you are on that the current session is secure. The real scary thing about Hearbleed, is that it was an ongoing problem, that wasn't made public until recently. This means that some hackers could have been taking advantage of this loophole for a long time. Even foreign attackers could have penetrated some sites and stolen consumers' information. The bottom line is, that you are not always safe online, even if you see that "s" at the end of HTTP, your session can still be compromised.
The second big security story was the flaw in IE. I jokingly posted an article to Facebook, asking who uses IE now anyway? Well it turns out to be quite a few people, especially if you look at it from a global standpoint. The flaw in IE was exploited using a watering hole attack. A watering hole attack starts with the attacker inserting a flash file that a user is likely to visit. The flash files exploit the flaw in IE. The flaw allowed attackers to take over the user's computer and even install malicious software on the user's computer. The thing with IE is that it comes with Windows OS, including Windows XP which is still used by a large number of stubborn users. Businesses are among the users that still run XP, afraid to switch over for reasons of costs, and reliability. Microsoft dropped support for XP which put those that use IE and XP at the most risk. The IE flaw ran from IE 6-11, with XP limited to IE 8. Microsoft has since released a patch to fix this, which was also available to XP users.
What the main point is, I fear that people have become complacent with our confidentiality online. I'm not talking about social media privacy, or gmail, but something that somebody can potential ruin your livelihood if precaution is not taken. I realize that this may sound like I'm a little paranoid, however some skepticism goes a long way. While we move our lives more and more to a web based foundation, it is important to understand to whom we are entrusting our lives with. It can be difficult to comprehend that people are able to take this very private information from us without stepping into our homes.
No comments:
Post a Comment