InfoSec Links April 24, 2014

Heartbleed disclosure timeline: who knew what and when - Ben Grubb - The Sydney Morning Herald

A pretty good breakdown of the Heartbleed timeline. Google’s security team was the one that found the bug, and they’ve recently begun to take some flak for not notifying people more quickly.

Ephemeral Apps - Bruce Schneier - Schneier on Security

I am beginning to question everything in my life and you should too. Case in point, Snapchat says pictures are a one and done, but are they really? The recipient could screenshot the communication and Snapchat could be storing those images on an internal server.

States: Spike in Tax Fraud Against Doctors - Brian Krebs - Krebs on Security

Just another reason to get your taxes done as soon as possible. If you don't like doing taxes and you procrastinate until the April 15 deadline, then you just may find that other people have filed taxes on your behalf. In this link it appears doctors are being targeted, but they're far from the only target.

 

This post first appeared on Exploring Information Security.

OpenSSL Heartbleed Links April 12, 2014

Trying to protect yourself from Heartbleed could land you in jail - Chris Smith - BGR

There are laws in place that say testing a website's security without permission is illegal. This would include running checks using Heartbleed websites or the Heartbleed Chrome app I linked to in Friday's post. They would have to enforce the law first, but technically you're still breaking the law when you do it. Which just further highlights how far behind the law is when it comes to the internet.

NSA Denies Knowing About Heartbleed Bug - Denver Nicks - Times

It was only a matter of time before the NSA was going to be thrown under the Heartbleed Bug Bus. The NSA has two directives: to gather intelligence from its enemies AND defend the country. Knowing about the bug in OpenSSL and not reporting it would be a massive epic fail for the NSA.

How The Heartbleed Bug Works - xkcd

A very well done, yet simple, visualization of how the Heartbleed bug works.
