Looking for a job? Clean up your Facebook account first

Are you looking for a job? Clean up your Facebook account first

Having a hard time finding a job? You might want to have a second look at your Facebook profile.

Having a hard time finding a job? You might want to have a second look at your Facebook profile.

Yes, employers extend their background check even to your social media presence. “The prospective employer these days may be more interested in what your name pulls up in search engines than how perfectly coordinated your shoes are with your power suit,” said Robert Siciliano, a personal security and identity theft expert.

That’s why cleaning up your online profiles on Facebook, Twitter, Google+ and other social media networking sites may be the first thing you must do to prepare for an interview.

Here are more reasons why you should start digging up your profiles.

1. Your digital footprint says a lot about you

Your CV is just a piece of paper. Employers would like to look at your personality and, unfortunately, your rants and indecent photos during college give a very bad impression.

2. Most employers use social media to research on people

While calling your character references seem to be a good option, most employers prefer to use the easy way — social media background check. So make sure your online profiles are squeaky clean before you step into that interview.

3. Privacy settings are not always reliable

The truth is that privacy settings among these social media networks are prone to frequent change. That’s the power of social media. Everything you post is visible to everyone but they’re doing a good job at concealing it through privacy settings. Before you upload or type something, always make sure to think about the consequences first.

4. Changing trends in social media

Notice updates on your social network’s settings from time to time? You should pay attention to that and change your settings accordingly. Social media is consistently evolving and as a responsible user, you should always be informed and keep up with the latest trends.

5. It is used for verification

After ‘Googling’ you, there’s a tendency for employers to verify what they just found during the interview in a subtle manner. Employers are more interested about your personality and honesty is always a good virtue to start with. So if you’re always out partying all night and claim that you’re an introvert, that may be a big no-no.

Copyright © 2014 Khaleej Times. All Rights Reserved. Provided by Syndigate.info, an Albawaba.com company

Health care site flagged in Heartbleed review

Health care site flagged in Heartbleed review

WASHINGTON (AP) — People who have accounts on the enrollment website for President Barack Obama’s signature health care law are being told to change their passwords following an administration-wide review of the government’s vulnerability to the confounding Heartbleed computer virus.

Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government’s Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page.

The Heartbleed computer bug has caused major security concerns across the Internet and affected a widely used encryption technology that was designed to protect online accounts. Major Internet services have been working to insulate themselves against the bug and are also recommending that users change their website passwords.

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: “While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution.”

The health care website became a prime target for critics of the Obamacare law last fall when the opening of the insurance enrollment period revealed widespread flaws in the online system. Critics have also raised concerns about potential security vulnerabilities on a site where users input large amounts of personal data.

The website troubles were largely fixed during the second month of enrollment and sign-ups ultimately surpassed initial expectations. Obama announced this week that about 8 million people had enrolled in the insurance plans.

The full extent of the damage caused by the Heartbleed is unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years. Although it’s conceivable that the flaw was never discovered by hackers, it’s difficult to tell.

The White House has said the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month. The federal government relies on the encryption technology that is impacted — OpenSSL — to protect the privacy of users of government websites and other online services.

The Homeland Security Department has been leading the review of the government’s potential vulnerabilities. The Internal Revenue Service, a widely used website with massive amounts of personal data on Americans, has already said it was not impacted by Heartbleed.

“We will continue to focus on this issue until government agencies have mitigated the vulnerability in their systems,” Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications, wrote in a blog post on the agenda website. “And we will continue to adapt our response if we learn about additional issues created by the vulnerability.”

Officials wouldn’t say how government websites they expect to flag as part of the Heartbleed security review, but said it’s likely to be a limited number. The officials insisted on anonymity because they were not authorized to discuss the security review by name.

___

Follow Julie Pace at http://twitter.com/jpaceDC

One in three Android apps on non-Google stores are malicious, study finds

One in three Android apps on non-Google stores are malicious, study finds

Almost a third of Android apps on third-party app stores contain some form of malicious software, according to research from cybersecurity firm Opswat.

Knock-off versions of popular apps such as Twitter and Angry Birds dominate the list of suspicious downloads, while one-shot joke apps such as ‘screen crack’ make up the rest.

The firm downloaded almost 12,000 app files from various sources of Android apps other than the official Google Play store, and loaded them into their proprietary anti-malware system Metascan, which flagged 32% of the apps as suspicious.

Metascan works by using multiple anti-malware libraries, and the majority of the apps it highlighted were marked as malware by just one service. Additionally, many files were picked up because they had been classified as adware, “which is not universally considered malware,” says Opswat’s director of professional services, Dan Lanir.

But even when only counting apps which were flagged by at least two libraries, and which were flagged for something other than being adware, almost one in ten qualified.

The news illustrates a long-running problem for Android: the system’s openness is frequently taken advantage of by malicious actors. While the Google Play store is largely safe – except for scam apps such as Virus Shield, which cost $3.99 and did absolutely nothing – a selling point of Android is that the OS will run apps downloaded from other stores.

‘Fake’ Android antivirus app developer says Virus Shield was a ‘foolish mistake’

This article originally appeared on guardian.co.uk

Who Hacked Russian-American Chamber of Commerce Site?

After Heartbleed, What Other Bugs Lurk On The Internet?

Hacker

In wake of Heartbleed, the Internet security flaw that exposed at least two-thirds of websites to the risk of data theft, security professionals and programmers are warning that other serious vulnerabilities are looming. From so-called injection flaws to faulty authentication systems, hazards and hackers are just around the corner.

“Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure,” the Open Web Application Security Project (Owasp) said in its report of the 10 most critical cybersecurity risks of 2013. “As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially.”

At the top of the group’s list are injection flaws, which occur when an attacker submits untrusted data to trick a website into performing an unintended command, such as allowing access to private accounts. Owasp ranked injection flaws as the most critical for how easy they are for malicious hackers to exploit, how common they are and how severely they can impact a business.

The second-biggest flaws are authentication (password login) systems that aren’t implemented correctly. There are also cross-site scripting (XSS) flaws, which happen when an application takes untrusted data and sends it to a web browser without validation. The Syrian Electronic Army uses XSS attacks to deface websites and other hackers can use XSS to redirect users to malicious sites or hijack user sessions.

What’s especially troubling about the list is that top five worst risks in 2013 are the exact same as the worst risks in 2010. Despite the fact that all programmers are taught to avoid these errors, imexperienced programmers working on increasingly more difficult lines of code allows these flaws to continue cropping up. 

“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization,” Gerald M. Weinberg, a computer scientist, wrote in his 1971 book, “The Psychology of Computer Programming.” The aphorism has since been dubbed “Weinberg’s Second Law,” and Heartbleed showed that it’s just as true today as it was more than 40 years ago.

The people writing the code can’t be entirely blamed. Programmers are often given scant direction in building software, and their efforts often aren’t rewarded. Open-source software like OpenSSL, the software that Heartbleed attacked, are controlled by a nebulous team of volunteers.

Private companies are also often unwilling to spend money on new systems or proper bug testing and correction.

“You don’t wanna know how much relies on very old systems and technology [sic],’ an IT professional using the name “He_knows” wrote on a Reddit thread created to discuss cybersecurity vulnerabilities that the public isn’t aware of.

“We can write good software, but it costs a fortune and business priorities often mean good enough is good enough,” Reddit user “noir_lord” wrote.  

This often means a company will pay for good developers to build software and get it running, only to replace them with less experienced and inexpensive developers to watch after it. Years later, the IT staff is unaware of how the original software was even built in order to modify or change it.

Security firms like Codenomicon, which discovered the Heartbleed vulnerability, have built programs to automatically test computer systems, making bug testing quicker and less expensive. IT professionals talk a lot about “defensive programming,” and urge businesses to realize that is most cost effective to spend time and money testing for bugs than it is trying to recover from a hacker attack.

There is also the problem of computer illiteracy putting everyday Internet users at risk. The majority of people still use default passwords like “password” or “123456,” fail to use malware detection to check for programs that record keystrokes or create a backdoor into the computer, and rely too much on insecure Wi-Fi networks.

“Nearly every single Comcast router I’ve ever tested is vulnerable to a WPS (wifi protected setup) authorization bypass vulnerability,” Reddit user FarcusDimagio said in a page dedicated to discussing cybersecurity risks. WPS allows even inexperienced hackers to easily get around most Wi-Fi passwords and join the network to eavesdrop or do serious damage.

As for individual computer users, there are several small things to be safer online. Users should choose a different password for every website they choose, write them down on paper and store that paper in a safe place. Wi-Fi customers can ask their service providers how to disable WPS and keep their routers safer. People also should take advantage of free malware detection software like Malwarebytes.

In general, security experts think everyone can be safer online with a little bit more computer literacy. In the same way that most car owners may not be mechanics but still understand the basic of how a car works and how to protect it, users need to understand how their computer and the Internet works in order to defend against the next security crisis. 

Terrifying interactive map shows global cyber attacks happening in real time

Terrifying interactive map shows global cyber attacks happening in real time


Cyber Attack News Map

Heartbleed is hardly the only online threat we have to worry about these days. The massive OpenSSL bug should certainly be taken seriously — here are all the passwords you should change immediately because of Heartbleed — but there are threats around just about every corner on the Internet. LaCie on Wednesday confirmed that it was the last company to fall victim to a massive cyber attack where users’ credit card data was compromised, but it is hardly the only recent target.

In fact, you’ll be shocked to learn how many cyber attacks are taking place right now as you read this.


kasperksy-map-3

Antivirus and Internet security software firm Kaspersky recently created a beautiful and terrifying interactive world map that gives us a real-time look at all of the cyberthreats that exist around the globe at any given time.

The design is terrific but the threat it represents is real and should not be taken lightly — malicious hackers are constantly attacking networks, companies and even individuals.


kaspersky-map-2

The two GIF images above represent a static view of cyber attacks occurring in various regions around the world, but the full interactive, real-time cyberthreat map can be seen by following the link below in our source section.

Heartbleed: 95% of detection tools 'flawed', claim researchers

Heartbleed: 95% of detection tools ‘flawed’, claim researchers

Some tools designed to detect the Heartbleed vulnerability are flawed and won’t detect the problem on affected websites, a cybersecurity consultancy has warned.

The Heartbleed flaw, which undermined the common security software for internet connections called OpenSSL, caused mass panic last week due to the ease with which it could be exploited to acquire passwords or encryption keys, potentially leaking sensitive personal data from popular consumer websites.

A deluge of tools then hit the internet promising to help people determine whether the web services they were using or hosting were affected. But 95% of the most popular ones are not reliable, according to London-based security consultancy and penetration testing firm Hut3.

‘Absolute panic’

“A lot of companies out there will be saying they’ve run the free web tool and they’re fine, when they’re not,” Hut3’s Edd Hardy told the Guardian. “There’s absolute panic. We’re getting calls late at night going ‘can you test everything’.”

Most of the tools checked by Hut3 rely on code designed to highlight the flaw created by developer Jared Stafford, which itself contained problematic bugs, said Hut3 penetration tester Adrian Hayter. These included tools created by major tech companies such as Intel-owned security firm McAfee and password management provider LastPass.

Hayter uncovered three problems with the Heartbleed checkers, which could lead to many cases of sites remaining vulnerable. One of the issues was to do with compatibility with different versions of SSL, the Secure Sockets Layer kind of web encryption affected by the Heartbleed flaw.

“The Heartbleed Checker is designed to work with common system configurations found in the wild,” said Raj Samani, CTO for Europe, the middle east and Asia at McAfee. “There have been reports of detection failure rates of around 2.8% due to these configurations. We were aware of the possibility and have provided a disclosure directly above our checker. We are continually reviewing and revising our code and technique.”

Joe Siegrist, CEO at LastPass, said: “Unlike all other tests, LastPass is not actually attempting to exploit the bug to test if it’s currently present – we’ve been unsure if that’s legal for a US entity to do.

“Our focus has been in ensuring people are updating/revoking their certificates, and that we’re reflecting what major organisations are saying about their exposure. Can you update or make a new certificate and keep the heartbleed bug in place? Sure, but that’s what all the other tests are for.”

Widespread consequences

“It is yet another symptom of the ‘hit the ground running’ approach that has characterised the response to this vulnerability,” said Rik Ferguson, vice president of security research at Trend Micro.

“The consequences are so widespread and the technology involved so arcane or invisible to the average user, that knee-jerk reactions and well-meaning advice have been offered up with little planning. From the initial Tumblr blog advising user to change all passwords everywhere ‘now’, before most of the vulnerable services would have been patched, to self-confessed ‘quick and dirty’ demonstration tools being incorporated into complete vulnerability scanning tools.”

“The key to success with protection and mitigation of Heartbleed is more haste, less speed – otherwise you may well be sitting in the comfortable haze of a false sense of security. Ignorance isn’t bliss, it’s dangerous.”

There are various versions of SSL and servers hosting websites can support some or all of them. If the server doesn’t support the version that the user machine selects, then it will respond by either dropping the connection or trying to use a different type of SSL which the server does support.

Heartbleed: routers and phones also at risk
Developer who introduced Heartbleed error regrets ‘oversight’
US government denies being aware of Heartbleed bug

Herein lies the problem with the detection tools: in many of them, only one version, known as TLSv1.1, is checked. If the server being tested for Heartbleed doesn’t support TLSv1.1, it will either reject the connection or suggest another version. But the failed detectors do not check for another version and assume any server that does not provide a successful response is not vulnerable, said Hayter.

Similar problems lie in compatibility with “cipher suites”, the selections of algorithms used to set up a secure connection over the internet. “Once again, if the server does not support any of the cipher suites that the client sends, the connection will disconnect,” said Hayter.

Most of the tools he examined only told the server they supported about 51 cipher suites, when there are at least 318 cipher suites that could be used by a website. “Granted, most servers will support at least one of the ciphers in the list of 51, but there could be instances where a server does not support any of them, and in these cases, the server would respond with an error, which the scripts interpret as ‘not vulnerable’.”

The third bug was more simplistic: it meant that on slow internet connections some tools would stop working when processing the response of the server, as they would have a time limit. This would again interpret a server as not vulnerable, even if the partially downloaded response would have been enough to confirm the vulnerability, Hayter added.

Given the panic around Heartbleed, with many prematurely being told to change passwords for all web services, even before those sites had been fixed, the latest findings will do nothing to appease the confusion. Hut3 has created its own tool which it believes could help alleviate some of the pain.

Heartbleed: what you need to know to stay secure

This article originally appeared on guardian.co.uk

Why you should expect your favorite websites to crash over the next few weeks

Why you should expect your favorite websites to crash over the next few weeks


Why Are So Many Websites Crashing

If you find yourself unable to access your favorite websites over the next few weeks, don’t worry: The Internet isn’t broken, it’s just undergoing very needed repairs. The Washington Post has talked with some security experts who expect that patching the Heartbleed bug is going to cause major disruptions on the Internet for a while as major web companies scramble to guard their websites against a bug that caught the tech world flat-footed last week.

“Imagine if we found out all at once that all the doors everybody uses are all vulnerable — they can all get broken into,” Jason Healey, a cybersecurity scholar at the Washington-based Atlantic Council, told the Post. “The kinds of bad things it enables is largely limited only by the imagination of the bad guys.”

Heartbleed is a major flaw in OpenSSL, the security protocol used to encrypt web traffic, that could potentially allow hackers to swipe any data that users send over the web. News about the bug sent shockwaves throughout the tech industry last week as companies are now quickly trying to patch security holes on their own websites to keep their users’ data safe.

One big danger with Heartbleed is that it may allow hackers to steal the security certificates of Google, Facebook, Yahoo and other websites, which they can then use to create fake versions of those sites where unsuspecting users will hand over their user names and passwords. While this kind of hack is sophisticated and time consuming — as the Post notes, it took hacker Fedor Indutny around 2.5 million requests of a particular server before he got access to its certificates — it’s definitely possible for dedicated hackers who are determined to steal user data.

What this means is that websites everywhere now have to go through the arduous process of revoking their current security certificates and issuing new ones to make sure that hackers aren’t able to spoof their websites’ credentials. And because so many websites are going to be doing this all at once, we should expect some major disruptions to the Internet for a while until all the work is done.

Trouble with Russia, trouble with the law: inside Europe’s digital crime unit

Trouble with Russia, trouble with the law: inside Europe’s digital crime unit

Four black brick towers search upwards to an empty grey sky. Mounted security cameras watch on balefully. If it weren’t for all the cheery cyclists passing by, some with surfboards in hand, alleviating the unfaltering graveness of the place, Europol’s headquarters would strike any visitor as some post-apocalyptic Mordor.

The interior, though, is more modern art museum than Kafkaesque bureaucracy. Expressionist paintings line the walls, clean cut modernist marble and pane upon pane of glass reflect the white light pouring in from outside. It’s all very plush. I’m told there’s a sauna somewhere around too.

A charming PR officer takes me up one of the towers, having her palm scanned at the entrance of Europol’s European Cybercrime Centre (EC3). Troels Oerting, who heads up the unit, greets me with a heart pressure monitor disconcertingly attached to his hip. I daren’t ask. After all, we’re here to talk about EC3’s role in the global fight against digital crime, whilst getting a tour of the team’s vast facilities.

And vast they are, covering five floors where the EC3, founded just over a year ago, deals with three different kinds of illicit activity: online child exploitation, credit card fraud, and cyber crime services, traditionally offered by organised gangs offering hackers-for-hire or doing it themselves for their own profit.

We pass the rooms where those unenvious men and women trawl through hours of child abuse images and video footage online. Oerting, a former Danish police officer, doesn’t lead me through those darkened doors.

Then we head to the breakout rooms, where law enforcement agents from across the world come together, either in person or virtually, to tackle urgent cases. Souped-up workstations, mounted screens and videoconferencing gear fill the space. We interrupt three individuals having what appears to be a rather serious discussion in one of the meeting areas. “He’s a journalist,” Oerting says. “Thanks for warning us,” one of the team replies. We move swiftly on.

An “unbreakable” door protects the EC3’s data centre, where all the servers powering worker systems can be found, alongside storage systems holding valuable case data, hidden away from any potential crook who manages to get through the hand scanners and security guards at the front gate. A little lab, where malware and other illicit virtual goods are analysed, is protected by two reinforced doors.

There are bedrooms and shower facilities too, for when agents decide they need to stick around in case of any sudden call for action. Though they look like Ikea-funded prison cells, they’re useful for when investigations suck up officers’ time.

In this together

The forensics room, a Faraday cage where no outside interference can penetrate the walls, is a clinical little area, panels emitting light from almost every corner of the room, helping those tinkering with suspects’ hardware obtain evidence. “A lot of the times these criminals will stamp on their smartphones,” Oerting says, giving me a demonstration of how one might do just that. “But it doesn’t matter, we can still find stuff [on the devices].”

Amongst the 70 workers here, one is an FBI agent, whilst an officer from the UK National Crime Agency’s cyber unit will be joining the team soon. Oerting has a soft spot for the UK, largely because of its regimented approach to tackling all kinds of illicit activity. “What the UK is good at, and I think it’s because they are an old empire, and what I admire about the UK, is that you sit down, you make a strategy and you follow it.

“The UK, even being EU-sceptical, knows that if there is one thing you can’t border yourself from it’s cyber crime … the UK has seen we need to do this together.”

Oerting wants to welcome police and other forensics investigators from across the world, as part of EC3’s mission to act as a hub for cyber sleuths looking into the most egregious of online crimes. One year into its existence, its efforts to foster collaboration have received plaudits from the industry.

“Not only has there been greater collaboration with law enforcement agencies worldwide, but the development of the advisory boards and their collaboration with the private sector shows the value of the public-private partnership. Building upon the collaborative nature of the centre is critical in the fight against cybercrime, and one that I feel EC3 has already demonstrated great success to date,” says Raj Samani, CTO for security firm McAfee in EMEA and a cyber crime adviser for Europol.

From Russia with little love

Yet it’s clear all is not well when it comes to cyber relations between nations. Working with non-EU members such as Russia, where digital crime is rife, is far from straightforward.

Collaborating with Putin’s cyber police is only going to get more difficult thanks to the standoff with Ukraine. Not only would Ukraine have been a useful addition to the EC3 membership, given the level of unlawful online activity in nations of the old Soviet Union, but Russia had started showing signs of greater cooperation, Oerting says. That progress looks likely to be put on hold, possibly indefinitely, especially with the sanctions being imposed by Europe and the US.

“Russia is going through some things that will probably not boost our cooperation,” he says. “85 per cent of our cases are Russian-speaking organised cyber groups, so we need to cooperate with these colleagues … but that’s right now a bit complicated.”

Countries where cyber criminals host their operations also tend to be those nations that do not have extradition agreements with Western powers. Trying to convince non-EU member states or those that don’t have information sharing agreements to make arrests is “very cumbersome”, Oerting notes.

The leaks of Edward Snowden are also causing EC3 grief. Companies are now less willing to share data, even if it clearly relates to criminal activity, as noted in a previous Guardian report. “We will of course see the unintentional downside of this,” the EC3 chief says. “Companies are much more cautious than they used to be.”

Cops losing to robbers

And despite all the money invested in digital policing, Oerting believes the criminals are still winning. The profits are high and the risk is low. Take Cryptolocker, one of last year’s most damaging threats. Known as ransomware, it encrypted users’ data and demanded money from users (usually around 0.3 Bitcoins, currently worth around £110) to unlock the infected system. It infected at least 250,000 machines in 2013. “It’s a money machine. My experts tell me, ‘Troels, if you have 15,000 euros, you invest them here, in one week you will break even, in three months, you have 500,000 euros’.”

On the underground forums, where many of EC3’s agents operate undercover, it’s become apparent just how grand the spoils have become for successful cybercriminals. In one case, officers came across a competition: the person who obtained the largest amount of money through a particular scam would win a Ferrari.

Globally, police have not done a good enough job of deterring online crime, admits Oerting. Right now it is “too easy and risk free”. Legislative issues need to be overcome if law enforcement agencies are to offer real deterrents – a message Europol is spreading amongst European mandarins.

Oerting’s boss, Europol director Rob Wainwright, this month called on MEPs and national parliamentarians for “a fair deal from legislators in giving national and international police authorities the right tools to confront dangerous new forms of organised crime appearing online”. Oerting and Wainright are concerned digital sleuths have not been given the same powers as their “real world” counterparts.

“In the physical world, I’m a cop, and according to Danish rules I am empowered to stop people, to frisk them, to arrest them and take away their freedom for 24 hours. I can take them without asking a judge. I can go to their home and [search] there. And I can eventually use force against them and in the end I can kill people,” Oerting says.

“But if I want just half the same powers on the internet, everybody screams.”

Time to hack back?

More aggressive measures may be required. Legislation should look at speeding up the process of cross-border obtaining evidence, Oerting adds. “Laws have a geographical limitation. If the Dutch or the Danes are looking at a case, they can only go to the border of this case if the server is in another country. How much will we allow this to be done? The security companies don’t ask, they just penetrate and get the information, it doesn’t matter where it is located. And if the door isn’t open they will make sure it will open. We stop and say this server is not physically located on our territory, and we are not allowed to do anything.”

“Our mutual legal assistance process is not sufficient anymore. There is a big need for speeding up the judicial cooperation. One thing is that police cooperation needs speeding up, but also the judicial because [I cannot obtain evidence].”

This may even stretch to “hacking back”, something Dutch politicians have been discussing. This would permit intrusion of servers across borders. Oerting believes this will one day become a reality, it’s just a matter of timing. “Now, when we have Snowden in fresh memory, how do you then persuade somebody that it’s needed for someone in law enforcement to make intrusions?”

“I can see it will come … but we will probably have to wait until there are bodies at the table.”

The concept of hacking back sounds a bit bellicose. Yet visitors to Europol will note the International Criminal Tribunal for the Former Yugoslavia just next door. That’s where Ratko Mladic is standing trial over orchestrating the massacre of more than 7,000 Bosnian Muslim boys and men. For all the current hyperbole around digital attacks, we should be thankful it has not brought about the horrors often delivered by real-world crime. Oerting and his team are hoping to keep it that way.

This article originally appeared on guardian.co.uk

This plugin will warn you immediately when you visit a site affected by Heartbleed

Here are all the passwords you need to change right now because of Heartbleed


Heartbleed Checker Passwords

By now, we all know what a huge deal Heartbleed is. The massive vulnerability in OpenSSL protocol impacted 66% of all sites on the Internet at the time of its discovery, and now companies are scrambling to fix the issue. Most big companies seem to have done a pretty good job of acting quickly, but this bug is several years old so users have been at risk for quite some time regardless of how quickly a site might have patched the flaw. As such, the cybersecurity experts at LWG Consulting have compiled a great list of all the huge sites that were impacted by Heartbleed.

Do you have accounts on any of the sites listed below? Change your password immediately — and be sure to change your passwords on any other sites if you use the same password there.


lwg_heartbleed_passwords

(click to enlarge)

Those looking to protect themselves from websites still impacted by the Heartbleed bug should install this browser plugin immediately. It will warn users each time they visit a website that has not yet updated OpenSSL to protect users from Heartbleed.

Hackers may have accessed details of 500,000 considering cosmetic surgery

Hackers may have accessed details of 500,000 considering cosmetic surgery

A leading cosmetic surgery provider has been targeted by a computer hacker who may have accessed details of nearly 500,000 people considering procedures.

The Harley Medical Group said it believed the cyber-attack was an attempt to extort money from the company and it had contacted police.

Some 480,000 initial inquiry forms submitted online may have been accessed and they include the potential clients’ names, addresses and telephone numbers, the company confirmed.

The form also lists cosmetic procedures, including breast enlargements, liposuction and tummy tucks, in which potential clients can express an interest.

The Harley Medical Group – which has 21 clinics across the UK – has insisted that confidential clinical and financial information was not accessed.

The firm, based in Thames Ditton, Surrey, said it had contacted police and the Information Commissioner’s Office (ICO) about the incident. The company’s chairman, Peter Boddy, has also written to people whose details may have been accessed to apologise.

A spokesman for the Harley Medical Group said: “We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company.

“The police and the information commissioner were notified and we contacted everyone whose inquiry may have been accessed to apologise and to reassure them that all clinical and financial records remain totally secure. We have taken action to further strengthen the security around website inquiries.”

An ICO spokesman said: “We have recently been made aware of a possible data breach involving the Harley Medical Group. We will be making inquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”

This article originally appeared on guardian.co.uk