Email I received from CloudFare this morning: You’re protected from the Heartbleed vulnerability because you have CloudFlare turned on for your website. We fixed the flaw on March 31 for all CloudFlare customers, a week before it was publicly announced. Heartbleed (CVE-2014-0160, http://www.openssl.org/) is a flaw in OpenSSL, encryption software used by the vast majority…
Category: Of Note
Pointing fingers, Thursday edition – U.S. Info Search tells its side
On April 8, this blog published a post concerning the Court Ventures breach that questioned whether Experian was getting a bad rap for a breach that started with Court Ventures and its reciprocal data sharing agreement with U.S. Info Search. Unbeknownst to DataBreaches.net at the time, U.S. Info Search had issued a press release the…
Before you panic and change all your passwords because you’ve read dire warnings on Heartbleed….
For my non-techy, non-security professional readers: Before you panic and race around to change all your passwords because you’ve heard how serious the Heartbleed bug is as a threat to your privacy and data security, read this piece by Graham Cluley. There’s been a lot of bad advice out there, and as he notes, changing…
Critical crypto bug, Heartbleed, exposes Yahoo Mail, other passwords Russian roulette-style
Kudos to Dan Goodin for trying to help the public understand the significance of Heartbleed: Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the…
The Biggest Security Breach in the History of the Internet May Have Hacked All Your Information
Tom McKay reports: The news: Security researchers have identified a very, very serious security hole in one of the fundamental technologies protecting personal data all across the Internet. OpenSSL, the cryptographic software library that an estimated two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping, has been vulnerable to hackers for…
EXCLUSIVE: U.S. Info Search is responsible for notifying victims of breach, not us – Experian
Because the data were owned and controlled by U.S. Info Search, Experian says they are not responsible for notifying victims of a breach involving Court Ventures, a firm it acquired in 2012. So why does the media only have Experian’s name in the headlines? Jim Finkle of Reuters recently reported that there is a multi-state investigation…