"Newshour"
October 4, 2014 | BBC
Press
Audio and Multimedia director Gerald Friedland comments on a Taliban spokesman's tweet, the geo-tags of which revealed his location even though he is in hiding.
"New Security Flaw Could Be Worse than 'Heartbleed' Bug"
September 25, 2014 | Jana Katsuyama, KTVU News
A security flaw called the "Shellshock bug" or "Bash bug" could pose a more severe threat than the Heartbleed bug which impacted an estimated 500,000 computers last spring.
"‘Shellshock’ Bug Spells Trouble for Web Security"
September 25, 2014 | Brian Krebs, Krebs on Security
As if consumers weren't already suffering from breach fatigue: Experts warn that attackers are exploiting a critical, newly-disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed "Shellshock," is so intertwined with the modern internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.
"Worse than Heartbleed? Today's Bash Bug Could Break Security for Years"
September 24, 2014 | Russell Brandom, The Verge
Linux users got a nasty surprise today, as a security team at Red Hat uncovered a subtle but dangerous bug in the Bash shell, one of the most versatile and widely used utilities in Linux. It's being called the Bash bug, or Shellshock. When accessed properly, the bug allows for an attacker's code to be executed as soon as the shell is invoked, leaving the door open for a wide variety of attacks.
"Shopping Online May Actually Be Safer Than Shopping In Person"
September 15, 2014 | Gerry Smith, The Huffington Post
The list of major retailers that have been hacked keeps growing. But while tens of millions of people have seen their credit card numbers fall into the hands of hackers, online shoppers at those stores appear safe.
"Devastating 'Heartbleed' Flaw Was Unknown Before Disclosure, Study Finds"
September 10, 2014 | Jeremy Kirk, PCWorld
One of the most serious software flaws to affect the Internet, nicknamed “Heartbleed,” was likely unknown before it was publicly disclosed, according to new research. The finding puts to rest fears that government spying agencies may have been exploiting the flaw for surveillance activities.
"Heartbleed Attacks Started Within 24 Hours of Disclosure"
September 10, 2014 | Dan Worth, V3
Attacks attempting to exploit the Heartbleed security flaw that was uncovered in April started within 24 hours of it being made public. However, there is no evidence attacks occured before the vulnerability was unearthed.
"Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability"
September 9, 2014 | Dennis Fisher, Threatpost
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but traffic data collected by researchers on several large networks shows no exploit attempts in the months leading up to the public disclosure. - See more at: http://threatpost.com/research-finds-no-large-scale-heartbleed-exploit-attempts-before-vulnerability-disclosure#sthash.6pVXHEmk.dpuf
"Dread Pirate Sunk by Leaky CAPTCHA"
September 6, 2014 | Brian Krebs, Krebs on Security
Ever since October 2013, when the FBI took down the online black market and drug bazaar known as the Silk Road, privacy activists and security experts have traded conspiracy theories about how the U.S. government managed to discover the geographic location of the Silk Road Web servers. Those systems were supposed to be obscured behind the anonymity service Tor, but as court documents released Friday explain, that wasn’t entirely true: Turns out, the login page for the Silk Road employed an anti-abuse CAPTCHA service that pulled content from the open Internet, thus leaking the site’s true location.
"Data: Nearly All U.S. Home Depot Stores Hit"
September 3, 2014 | Brian Krebs, Krebs on Security
New data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company’s stores across the nation. Evidence that a major U.S. retailer had been hacked and was leaking card data first surfaced Tuesday on the cybercrime store rescator[dot]cc, the shop that was principally responsible for selling cards stolen in the Target, Sally Beauty, P.F. Chang’s and Harbor Freight credit card breaches.