Sunday, April 13, 2014

A Heartbleed, Worn Out Windows and the Business of Cybercrime

  • Last week, researchers at Google and Codenomicon (in Finland) identified a security flaw in OpenSSL, a piece of security software used on the Internet. Known as the Heartbleed bug, the flaw may be active in about 17% of web servers, as well as some smartphones and other communication devices. While the flaw may have been in place for about two years, firms such as Google, Facebook, Yahoo and Dropbox said they have addressed the problem; but there are concerns that the National Security Agency (NSA) may have used the flaw in its surveillance efforts. A U.S. government spokesperson said, "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report."
  • Also, Microsoft terminated free technical support for Windows XP (released 12 years ago), which included security patches. It is estimated that about 25% of personal computers around the world still use this version of the operating system. Notably, as the April 15 deadline for filing taxes in the U.S. approaches, it is believed that over 50% of the Internal Revenue Service’s personal computers still use Windows XP. The agency stated, “None of our filing season systems or other major business operating systems for taxpayers use Windows XP.”
  • The RAND Corp. report “Markets for Cybercrime Tools and Stolen Data” (March 2014) stated that “The hacker market—once a varied landscape of discrete, ad hoc networks of individuals initially motivated by little more than ego and notoriety—has emerged as a playground of financially driven, highly organized, and sophisticated groups. In certain respects, the black market can be more profitable than the illegal drug trade.” 
 MY TAKE
  • Regarding the Heartbleed bug – it is another example of the Internet’s complexity and privacy issues associated with rapid advances in technology. 
  • Regarding Windows XP – its installed base is a reminder that as technology advances, many “legacy” systems remain vulnerable to cyberattacks. 
  •  Regarding the RAND Corp. – their report highlights that, within the mix of old and new technology, exploiting security flaws is a big and growing business. Bottom line - as Internet technology growth continues, threats to our privacy, data security and personal information will likely increase. These dynamics will result in both negative economic impacts and the creation of new business opportunities.

3 comments:

  1. In the past decade, cybercriminals have quickly adapted to most security controls deployed by banks. Financial institutions introduce a new, sophisticated security control, and cybercriminals develop creative methods to bypass them. When cybercriminals invent ways to bypass these security measures, banks further tighten controls or deploy a new control to address the gap, which starts this cycle all over again.

  2. I recently found much useful information on your website, especially this blog page. Among the lots of comments on your articles. Thanks for sharing. website search engine marketing

  3. You make so many great points here that I read your article a couple of times. Your views are in accordance with my own for the most part. This is great content for your readers. free speech
