Archive for Heartbleed

Canadian Government’s Exposure To Heartbleed Worse Than Previously Thought

Posted in Commentary on December 11, 2015 by itnerd

I’ve been very critical of the Canadian Government for a very long time as they don’t really seem to have their act together when it comes to defending themselves against cyber threats. Case in point is the Heartbleed bug which took down the CRA during tax season as well as other government websites. Oh yeah, personal data was swiped before someone got charged with the hack. That was pretty bad. But it was actually much worse as CBC reports:

The number of so-called “reconnaissance” events — in which attackers got into federal systems to assess their weaknesses — rose dramatically in the spring of 2014, to 91 detected intrusions. That was up from just seven in the fall of 2013.

And the number of actual information breaches rose sharply in the same period, increases that were “directly attributable to the OpenSSL ‘Heartbleed’ vulnerability,” says a heavily censored document from the Public Safety Department.

A copy of the internal cyber-security newsletter, with the headline “Heartbleed event increases number of reconnaissance and breach events,” was obtained by CBC News under the Access to Information Act following months of delay.

Previously, RCMP alleged only that a 19-year-old London, Ont., man had accessed hundreds of social insurance numbers by exploiting the bug in tax computers.

But the documents show Heartbleed-related attacks were much broader, involving other departments, though no information was provided on the number or identities of other attackers, or what data they may have stolen.

Well, that really gives me the warm fuzzies. That’s sarcasm by the way because I am truly not impressed. Clearly the Canadian Government is asleep at the switch when it comes to protecting themselves from these sorts of threats. One wonders what it will take for them to take cybersecurity seriously. A major hack perhaps?

Heartbleed Rises From The Dead To Threaten Us Once Again

Posted in Commentary on September 15, 2015 by itnerd

Much like zombies from the hit TV show “The Walking Dead,” Heartbleed is back. A tool called Shodan was used to seek out internet-of-things (IoT) connected devices and figure out if they’re threatened by Heartbleed. Here’s what the owner of the company posted on his Twitter feed at the end of that search:

https://twitter.com/achillean/status/643706828057018368/photo/1?ref_src=twsrc%5Etfw

Of the 200,000 or so vulnerable devices, 57,272 were housed in the United States. Germany was second with 21,060 Heartbleed-prone devices and China had 11,300. France was fourth with 10,094 followed by the UK with 9,125. Chances are these are things like home routers, Internet cameras, Internet connected light switches and the like. If you factor in the fact that this is a year after Heartbleed freaked people out, one wonders why we’re still talking about it and why people haven’t secured themselves from Heartbleed. That of course assumes that updates that address this are available. For older devices that may not be the case. Thus it may be possible that we’ll always have devices that are prone to getting pwned via Heartbleed on the Internet forever. That’s something that we may live to regret.