
My Heart Bleeds: What you need to know about Heartbleed

Guest Blog Entry By Christopher Burgess, CEO Prevendra

Heartbleed is the name given to the bug found within OpenSSL, which has rendered many of our individual passwords compromised. The situation has been making the news over the past few weeks since the bug was discovered in late March and the patch put out in early April.

What makes Heartbleed so important is that the companies using SSL (that is the HTTPS in your browser window) all have to patch their software, and you as a user have to change your password once this has been accomplished. To help, we’ve compiled some information which you as an individual user need to know about Heartbleed and about the criminal activity aimed at exploiting us as we move through the remediation steps. Let’s start with, “What is Heartbleed?”

What is Heartbleed:

Heartbleed was a bug within the OpenSSL code which many organizations and companies used to provide Secure Sockets Layer (SSL) connectivity between your computer and the server hosting the website to which you were connecting. The bug, located in the portion of the OpenSSL code called the “heartbeat,” went undetected for almost three years. Once it was discovered, a patch was provided by OpenSSL, and the U.S. Cyber Emergency Response Team (CERT) provided guidance on how to patch. The role of the individual user was to wait and then change passwords, as Heartbleed compromised the SSL.

What is being done:

Most companies are patching their servers, renewing their security certificates and advising their constituents via postings on their page to change their passwords, or sending advisory emails asking you to visit the site and change your password (more on this below).

What can you do:

You can be patient and attentive. To prepare, you should locate a strong password generator tool, as you will be changing a lot of passwords. Here are two:

Password Generator Tool (available for download) from SourceForge

Ultra High Security Passwords from GRC the perfect password

Now go to each site where you log in and check whether the site has been updated for the Heartbleed bug which rendered the site vulnerable. How can you do that? Use one of these tools.

GitHub: Heartbleed Test

TrendMicro: Heartbleed Test

If the site has updated or is not vulnerable to the Heartbleed vulnerability, change your passwords and use a STRONG password.

What to watch out for:

Now it should come as no surprise to you that miscreants are using this period of high activity and rapid change to slide into the mix and get folks to click and download various items. Phishing emails and scams taking advantage of Heartbleed are making their rounds. Some are full-on spoofs of your bank: an email comes in, ostensibly from your bank, advising you that the Heartbleed patch has been made and that you should now “click this link” to change your password. Others come in from friends whose email or social network accounts have been compromised and carry content similar to, “have you read about Heartbleed, you need to read this one to stay safe.” The reader then clicks on the URL and is taken to a site which contains malware (malicious software) waiting to be downloaded to your device.

Do NOT click on links in emails, websites or social network posts advising you to update and change your passwords. Instead, type the URL directly into your browser window.

Is there more to come?

The Heartbleed vulnerability has been identified and a remedy made available to industry. Some devices which contain the OpenSSL version with the vulnerability are a bit slower to remedy, as doing so may require an update to the firmware on the device. These include routers, DVRs, etc., which many of us have in our homes. Keep an eye on these, and check the software update feature regularly, as this is the avenue by which the manufacturer will close the vulnerability.

Stay safe, and secure.

Christopher Burgess

About Senior Online Safety

Read more about online safety and scams at Senior Online Safety, published daily (alternating days in English and Spanish), and follow along by connecting via Twitter, Facebook, and Google-Plus. Senior Online Safety exists because so many of us are answering questions for our parents, aunts, uncles and grandparents; it matters not what age we are: if we know how to keep each other safe, we all win.

The guide: Senior Online Safety is available at all e-book retailers (including Amazon – Kindle, iBookstore – iBook and Barnes & Noble – Nook)

About Christopher Burgess:

Christopher Burgess is the CEO of Prevendra, a security, privacy and intelligence company. He is also an author, speaker and advocate for effective security strategies, be they for your company, home or family. Christopher authored the e-book “Senior Online Safety” (Prevendra, March 2014) and is the voice behind the website “Senior Online Safety.” Prior to the founding of Prevendra, Christopher held a variety of private and public sector positions, which included chief operating officer of a big data analytic company, Atigeo; Senior Security Advisor to the CSO of Cisco, a Fortune 100 company; and 30+ years within the Central Intelligence Agency, which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher lives in Woodinville, WA with his family, two dogs and two horses.


Covering Your “Six” – A Technique to Improve your Situational Awareness

We all know that awareness of surroundings is the frontline to personal safety.

Regardless of where we are and what we’re doing, it’s vital to always remain alert and aware. Police officers remind us that those who aren’t aware make for much easier or “softer” targets.

Law enforcement also reminds us that we must be aware of what’s going on behind us at all times. This is because the majority of surprise attacks come from this blind spot, also known as our “Six O’clock” position.

A technique taught by law enforcement and the military improves awareness of your “Six” dramatically.

It’s as simple as remembering to look left and right whenever you walk through an entrance or exit, or step off an elevator.

Here’s an example. The last time you exited a retail store and turned right to head up the sidewalk, did you remember to look left first? Keep in mind that as you turn to your right, what was your left has now become your brand new blind spot.

A quick look left before you turn right enables you to get a picture of that soon-to-be blind spot, dramatically improving your situational awareness.

Do you do this already? If not, start now. Do others engage in this awareness technique? Not very many.

The next time you’re sitting in a coffee shop, just look across the street and watch people leaving a store or office. Almost no one looks left and right before making their turn. Don’t be one of them.

Criminals are very dialed into the body language of people who are aware, and people who are not. They know that if you’re alert and covering your blind spot, you are much more difficult to surprise.

Personal safety is always our personal responsibility. Stay relaxed, remain alert, and remember to cover your six.

Safety Training for Parents with Very Young Children

While couch surfing one recent lazy Sunday afternoon, I flipped the channel to MSNBC.

It was the top of the hour; a show on sexual predators had just begun, and it was not “To Catch a Predator” hosted by Chris Hansen.

This show focused on the sexual abuse of very young children.

The show reminded me of what I learned when I attended a workshop put on by Seattle-based P.E.A.C.E, a nonprofit whose mission is “To end childhood sexual abuse and abduction through prevention education.”

I was reminded of how much more prevalent the abuse of a young child is by someone they know and trust, than it is by a complete stranger.

Although education on “stranger awareness” is important, I was quite surprised to learn that statistics for abduction by a complete stranger totaled 115 according to a 1999 Department of Justice study.

I also learned that 1 in 4 girls and 1 in 6 boys are sexually abused before the age of 18. (A Handbook on Sexual Abuse 1988).

After the workshop, I had time to reflect on the amount of energy parents, including me, spend on warning their children about complete strangers, all the while 90% of sexual abuse of a child is perpetrated by someone well known to the child and family. Someone in a position of trust who essentially “flies under the radar.”

A workshop with PEACE of Mind puts all the data in perspective and then offers parents valuable instruction on how to educate and empower their children to always obey their instincts, understand what inappropriate behavior looks and feels like, and most importantly, to not fear communicating such with their parents.

The mother of the abused 6-year-old on the MSNBC show repeatedly expressed her feelings of guilt for not realizing that all the while she vigilantly protected her children from any threat from outside, it was in the next-door room in her house that the abuse was occurring.

She started a petition to get her state to modify Megan’s Law to require minors convicted of sexual assault to also have to appear on the state’s registry.

It was the young boy’s 17-year-old uncle who had been abusing him. Unbeknownst to the family, he had previously been convicted of a similar crime, but due to his minor status he was not added to the sex offender list.

Larry Kaminer
