Green Technology News

Technology that powers 470 million devices

Here we have some news about the latest green technologies that are emerging. TAT technology is one of the technologies that powers more than 470 million devices, about 15% of phones and 20% of touch phones; it also powers car clusters and tablets.

White Hats Use Heartbleed to Steal Keys

The tech industry reeled last week when security researchers discovered a flaw in a key security technology in the Internet’s infrastructure. The bug, ghoulishly named “Heartbleed,” was found in an open source library, OpenSSL, that implements SSL, the protocol used to encrypt data in transit on the Net. By exploiting the flaw with a specially crafted packet, hackers can extract data from a server’s memory in 64K chunks.

“This is indeed one of the worst vulnerabilities in the history of the Web,” Amit Sethi, a technical manager at Cigital, told.

“It has been present in OpenSSL for over two years, during which time it has made it into a lot of software.” “Unlike many other vulnerabilities in SSL implementations that we have heard about in recent years,” he continued, “this one does not require the attacker to be positioned between your computer and the server. The attacker can go directly to the server and get any information that you recently exchanged with it over a secure channel.”

Keys May Be Safe… or Not:

One of the most serious concerns raised by the bug is that the private encryption keys to a whole host of websites may have fallen into the hands of Net marauders. Those keys are used not only to unscramble encrypted data, but also to authenticate websites.

“The best short-term fix — patching or upgrading the software — may prevent future breaches, but the horse may already be out of the barn, so to speak, if passwords or SSL keys were compromised before the patch was in place,” Nathaniel Couper-Noles, a principal security consultant with Neohapsis, told.

After a week, though, there were no reports of any private keys being compromised — and that may be one scenario that won’t materialize in the wild.

“After extensive testing on our software stack, we have been unable to successfully use Heartbleed on a vulnerable server to retrieve any private key data,” blogged Nick Sullivan, a software engineer and security architect with CloudFlare.

“Note that is not the same as saying it is impossible to use Heartbleed to get private keys. We do not yet feel comfortable saying that,” he cautioned.

“However, if it is possible, it is at a minimum very hard. And, we have reason to believe based on the data structures used by OpenSSL and the modified version of NGINX that we use, that it may in fact be impossible,” Sullivan continued.

“Even with Apache, which we think may be slightly more vulnerable … we believe the likelihood of private SSL keys being revealed with the Heartbleed vulnerability is very low,” he added.

As low as it may be, it appears it can indeed be done. Following the posting of Sullivan’s blog, at least four white hat hackers used Heartbleed to snatch the private key to a CloudFlare server placed online to allow security researchers to test the firm’s analysis of Heartbleed and key theft.

Phishing Attack Increase:

Unique phishing attacks numbered 115,565 in the second half of 2013, down 6 percent from the second half of 2012, when 123,486 attacks were reported, according to figures the Anti-Phishing Work Group released last week.

However, phishing attacks jumped 60 percent in the second half of last year compared with the first half, when only 72,758 were reported.

“One reason for the increase is that the Chinese are phishing each other a lot more,” Rod Rasmussen, author of the report and president and CTO of Internet Identity, told. Eighty-five percent of the domain names registered for phishing were registered by Chinese phishers, according to the report.

Also contributing to the increase was an expansion of phishing targets.

“The traditional thing for phishing was to get access to someone’s financial information,” Rasmussen explained. “We’re seeing a lot more of that, but also a lot of targeting retail and smaller outlets.”

The median time to take down a phishing site is at a near historic low — seven hours, 54 minutes, the report notes.

“That may be another driving factor for why there are more phishing sites,” Rasmussen said. “If they’re getting taken down faster, they have to put more up. So we’re making the bad guys work a little harder.”

Vulnerable shared-hosting providers were a favorite target of phishers, with 18 percent of all phishing attacks originating from that source, the APWG reported.

“If a bad guy breaks into one server, he can have 100 or more primo phishing sites ready to go for him,” Rasmussen said. “He doesn’t have to work as hard, and it keeps the resources flowing.”

Breach Diary:

  • April 7. Google’s Finnish security team reveals Heartbleed bug in OpenSSL library that allows sensitive data, such as private encryption keys, to be stolen from websites and a variety of devices, including routers and mobile phones.
  • April 7. United States District Court in New Jersey finds Federal Trade Commission has the authority to bring enforcement actions against companies over lax data security practices.
  • April 7. Security Mentor and Enterprise Management Associates release survey reporting that 56 percent of employees receive no security awareness training.
  • April 8. HID Global Security releases survey showing more than half of organizations have not upgraded their Physical Access Control systems in the last year, and more than 20 percent in the last three years.
  • April 8. Symantec releases 2014 Internet Security Threat Report finding that 552 million identities were exposed in data breaches in 2013. It also reveals that the number of breaches in 2013 increased 62 percent over the previous year.
  • April 8. Court of Justice of European Union declares invalid a Data Retention Directive that requires member states to store citizens’ telecommunications data for a minimum of six months and maximum of 24 months and allows law enforcement to access that data with the approval of a court.
  • April 9. Electronic Frontier Foundation launches medical privacy project to identify the emerging issues and to give advocates the information they need to fight for stronger protections for patients.
  • April 10. Microsoft reveals that the European Union’s data protection authorities have found the company’s enterprise cloud contracts meet the EU’s high standards for privacy.
  • April 10. Canada’s national revenue agency suspends filing of tax returns at its website until it finishes an investigation of the impact of Heartbleed on the site.
  • April 10. The Federal Financial Institutions Examination Council puts financial institutions on notice that it expects them to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the Heartbleed vulnerability.
  • April 10. Cisco issues threat metrics for March showing an increase in the likelihood of encountering malware on the Web. The median encounter rate in March was 1:260, compared with 1:341 in February. Cisco cited interest in the NCAA basketball tournament as a driver of the increase.
  • April 12. 20th anniversary of first mass commercial spam on the Internet. Husband and wife immigration lawyers Laurence Canter and Martha Siegel used a Perl script to post a spam message to more than 5,500 message boards on Usenet in about 90 minutes.

Heartbleeding Can’t be Stanched by Consumers

Consumers can do little to protect themselves from the catastrophic Heartbleed bug.

“Catastrophic is the right word,” wrote security guru Bruce Schneier in his blog this week. “On the scale of 1 to 10, this is an 11.”

Heartbleed is an extension of the “SSL/TLS” protocol used to encrypt data in transit on the Internet. The most common evidence of SSL to consumers is the padlock icon displayed by URLs that begin with “https.”

Heartbleed is used to keep a secure connection alive. The flaw in it, discovered this week, allows unencrypted data in memory to be scooped up by Web marauders 64,000 bits at a time.
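The two descriptions above (a crafted heartbeat packet that makes the server hand back memory in 64K chunks) come down to one untrusted length field. The added example below, which is not code from the article or from OpenSSL, parses a TLS heartbeat record from captured bytes and applies the same check the patched OpenSSL added: the declared payload plus the mandatory padding must fit inside the record that actually arrived. The TLS record header layout and heartbeat message layout are from the protocol specifications; the sample records are constructed inline.

```python
import struct

TLS_HEARTBEAT = 24        # TLS record content type for the heartbeat extension
HEARTBEAT_REQUEST = 1
HEARTBEAT_PADDING = 16    # minimum padding the heartbeat spec requires after the payload


def check_heartbeat_record(record: bytes) -> dict:
    """Parse one TLS record and say whether it is a well-formed heartbeat.

    Heartbeat body layout: type(1) | payload_length(2) | payload | padding(>=16).
    An unpatched server trusted payload_length and copied that many bytes of
    its own memory into the reply; a defender only needs to compare the
    declared length with the bytes that were really sent.
    """
    if len(record) < 5:
        return {"heartbeat": False, "reason": "short record"}
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != TLS_HEARTBEAT:
        return {"heartbeat": False, "reason": "not a heartbeat record"}
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 3:
        return {"heartbeat": True, "suspicious": True, "reason": "truncated body"}
    hb_type, declared = struct.unpack("!BH", body[:3])
    # The bounds check the fix introduced: 1 (type) + 2 (length) + payload + padding
    # must not exceed the record length. A Heartbleed probe fails it by design.
    if 1 + 2 + declared + HEARTBEAT_PADDING > rec_len:
        return {"heartbeat": True, "suspicious": True, "type": hb_type,
                "declared": declared, "record_len": rec_len,
                "reason": "declared payload exceeds record"}
    return {"heartbeat": True, "suspicious": False, "type": hb_type,
            "declared": declared, "record_len": rec_len}


def tls_record(content_type: int, body: bytes) -> bytes:
    """Wrap a body in a TLS 1.0 record header (used only to build test data)."""
    return struct.pack("!BHH", content_type, 0x0301, len(body)) + body


# Constructed samples: a legitimate 2-byte heartbeat with 16 bytes of padding,
# a record whose length field claims 16384 bytes while carrying none, and an
# ordinary application-data record that the checker must ignore.
BENIGN = tls_record(TLS_HEARTBEAT,
                    struct.pack("!BH", HEARTBEAT_REQUEST, 2) + b"hi" + b"\x00" * 16)
PROBE = tls_record(TLS_HEARTBEAT, struct.pack("!BH", HEARTBEAT_REQUEST, 16384))
APPDATA = tls_record(23, b"x")
```

Run over a capture, the function flags only records where the declared payload cannot fit in the record, which is exactly the shape the article calls a “specially crafted packet”.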

“This issue affects hundreds of thousands of websites — potentially up to 20 percent of all sites with SSL/TLS enabled — as well as email, IM and other servers protected by SSL/TLS encryption,” said Brent Bandelgar, an associate security consultant with Neohapsis.

“The attacks are simple, untraceable and expose the crown jewels of encryption — server private keys — among other data handled by trusted servers such as user names and passwords,” Bandelgar explained.

“Attackers that gain server private keys can impersonate trusted servers without raising warning screens in browsers and can potentially decrypt previously recorded encrypted sessions,” he added.