If You're Not Investigating, You Are Out of Touch! : HEARTBLEED, Ransom Attacks, What Is Next? Traditional PASSWORD Authentication Failed Yet Again!

Thursday, April 10, 2014

HEARTBLEED, Ransom Attacks, What Is Next? Traditional PASSWORD Authentication Failed Yet Again!

HEARTBLEED, Ransom Attacks, What Is Next?

Traditional PASSWORD Authentication Failed yet Again!

By Nick Ashton, Founder, CEO, Tracometry Group of Companies.

This prove yet again that traditional PASSWORDS have FAILED! IT managers, directors etc. are not examining their software and servers because they are too busy fighting human elements. They are always in a reactive mode fighting the Hackers. Phishers and Man in the Middle Brutal Attackers who are preying on the frailty of humans.

Proactivity and a cohesive understanding of what part our computers play in our day to day business is not just for the IT department, it is the Chief Executive Officer, Board and those in charge of the corporation to understand all aspects on business.

Failure here or ignoring what you are being told is a Negation of the Duty of Care/Corporate Governance. Meaning, you are liable as you knew, as you were told verbally or in writing, did nothing and completely left the shareholders, clients and customers vulnerable. No insurance policy will cover you, as you failed!

Humans make mistakes and leave open their front and back doors regarding personal information.

We reiterate, that there is a far more secure method for corporations to maintain their security as they have more end to end, data in motion between their employees, satellite, regional offices that has to be totally secure.

The basis of all communications, data, video, audio and images is security.

Today, so many want what you have and will go to great lengths to steal it.

With this in mind, KEYTALK Secure Computer Connections is the basis of all we do. We start with a secure connection from the outset and are able to transit all in the knowledge it cannot be seen by anyone! Totally invisible and anonymous in sending and receiving data.

It is an end to end, data in motion secure connection that uses no password. Correct no password! Passwords are too Human and susceptible to theft and misuse. In fact, how does the system know it is even you? It does not!

Device DNA is the KEYTALK Way!

When your IT department sets up the devices, which takes seconds, yes any devices, a true BYOD, (Bring Your Own Device) solution, they select components within the Smart Mobile Phone, Tablet, Laptop, PC or Mac and those become your DNA.

The human element is removed and now, when you connect, you are authorized as a trusted device and now go about your business in total security.

No matter what your business or operating system, even defunct Windows XP, we can provide security from Hackers, Phishers, Man in the Middle Brutal Attackers. Cyber Terrorists can see nothing you do, even in Public & Hotel Wi-Fi Hotspots.

This can be overlaid on Point Sale, Vehicles, machine to machine and all that require certificates that must be updated for security purposes. Simple virtual no maintenance required!

All affordable on a monthly or annualized commitment and is included in all our services or in a standalone operation.

In one government operation, a Federal building, the log-on and password for the Secure Wi-Fi Hotspot is displayed prominently on the cafeteria wall in large readable letters and numbers. This is a public area!

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”

An easy-to-use exploit that is being widely traded online allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL “libssl” library in chunks of 64kb at a time. As CERT notes, an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets.

Affected are OpenSSL versions 1.0.1 and 1.0.2-beta, which include such releases As Debian Wheezy, Ubuntu 12.04.4 LTS, Centos 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2.