Tuesday, April 29, 2014

What Does "Heartbleed" Mean For The Future Of Data Center Security?

The Heartbleed vulnerability is less of a game-changer and more of a reminder that online security is precious and vulnerable. There have been major breaches before and there will be again. The question is: will your data center be ready to handle the next breach? There is no real online security without a response plan to fall back on when, not if, security is breached.
Perhaps the most damning blow to the idea of flawless security online came from the revelation that some government agencies, US-based and otherwise, had used it for the purposes of reconnaissance on citizens. More than ever, the proper response to security is not to try to build something impenetrable, but to have a plan that keeps data, even once accessed, from being able to do much damage.




Possible Solutions

Voices online, including white hat Moxie Marlinspike, are saying that the only real way to keep this kind of vulnerability from becoming a massive breach is to get rid of plain-text internet entirely and to use HTTPS as the new standard. Encrypting data this way puts another barrier between the data and those who would seek to compromise it.
There are downsides to this arrangement, however, including the increased cost of using SSL and the difficulty of putting every small website through the unique certificate process that SSL requires.
Another idea for increased global security is called forward secrecy, which works on a principle similar to the popular mobile app Snapchat: once you're done with a session, your key disappears. Data that has already been taken becomes much harder to break into, so anyone who walks off a server with a load of encrypted information is much less likely to find a way to read it.
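To make the "key disappears" idea concrete, here is an added example (not part of the original post) that contrasts a server reusing its long-term key for key exchange with one that generates a throwaway key per session. The toy Diffie-Hellman group, the `Server` class and all function names are assumptions made for this sketch, and authentication of the handshake is left out.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(shared):
    # Hash the shared DH value into a session key.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

class Server:
    def __init__(self, forward_secret):
        self.forward_secret = forward_secret
        # Long-term key: lives in server memory for the life of the deployment.
        self.long_term_priv, self.long_term_pub = keypair()

    def handshake(self, client_pub):
        if self.forward_secret:
            priv, pub = keypair()  # fresh per session, gone when this returns
        else:
            priv, pub = self.long_term_priv, self.long_term_pub
        return pub, derive(pow(client_pub, priv, P))

def run_session(server):
    # Returns what a passive observer can record, plus the real session key.
    c_priv, c_pub = keypair()
    s_pub, server_key = server.handshake(c_pub)
    assert derive(pow(s_pub, c_priv, P)) == server_key  # both sides agree
    return {"client_pub": c_pub, "server_pub": s_pub}, server_key

def key_from_recording(recording, leaked_long_term_priv):
    # Best effort by someone holding old traffic and a later-leaked long-term key.
    return derive(pow(recording["client_pub"], leaked_long_term_priv, P))

def recording_exposed(forward_secret):
    server = Server(forward_secret)
    recording, session_key = run_session(server)
    return key_from_recording(recording, server.long_term_priv) == session_key

if __name__ == "__main__":
    print("static key exchange, old session readable:", recording_exposed(False))
    print("ephemeral key exchange, old session readable:", recording_exposed(True))
```

With the static exchange, a long-term key that leaks later unlocks every recorded session; with the ephemeral exchange, the same leak reveals nothing about past traffic.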


Response Plans

Your data server needs to be able to deploy patches and updates remotely and with little effort. Much of responding to security breaches requires timely, fast-acting responses to severe problems. Using not only encryption but also additional security products is highly important.
Anyone who relies on your network for security is going to feel betrayed when their privacy is broken by a hack. A script for what steps to follow and how to break the news to customers quickly and easily is the only way to keep and/or regain trust in the wake of a security breach.
Make sure that all of your employees, not just those who are involved with security, understand security risks. The human element is commonly the most easily compromised link in the chain, and workers are regularly bamboozled into giving out critical information. If they are well-trained in security, though, they can be a strong line of defense that actively upholds your network's security.
Google is a good case study on responding to security breaches correctly: they quickly patched their platforms and immediately educated the public on the threat and recommended security fixes for them.
Katrina Matthews is a tech expert and product specialist for RackSolutions, manufacturer of custom racking solutions for businesses! She likes giving data center tips and advice on our blog.

Firefox gets a makeover and introduces user accounts

Mozilla has released a new stable version of its Firefox browser which adopts the Australis user interface. The friction within the Mozilla board did not alter the pace of development, and the new Firefox is available for download.

Initially expected for Firefox 24, the Australis interface has now officially appeared on the browser.
It is characterized by less angular tabs and better display.

Much like in Chrome, the options menu is now found to the right of the address bar. It provides access to preferences, extensions, options or full screen mode.

Firefox 29 also features a new synchronization module. More specifically, it will be easier to ensure the transfer of data by creating a user account rather than entering a security key. For each account, it will be possible to retrieve bookmarks, add-ons, passwords, browsing history or preferences and tabs.

For those of you who are nostalgic, it is possible to reload the old UI by downloading this extension: old-firefox

Monday, April 28, 2014

Microsoft might suspend Xbox One production

The Xbox One was released in late 2013 and 5 million consoles have been shipped to retailers since. These 5 million Xbox consoles do not represent sales, since many of them are still sitting on shop shelves, which is making Microsoft consider suspending production of its console for some time in order to sell the stocks.

Gamasutra indicates that Microsoft is considering slowing or stopping production: the market is about to saturate and it would be pointless for Microsoft to continue to manufacture consoles. Stocks would be sufficient to last until the fourth quarter of this year.

Of course, the situation could change if Microsoft announces some new games at E3 that boost the sales of the Xbox.
Microsoft has released its console in 13 countries so far, but it will be available in more markets in the coming months, which will allow them to sell the stocks and restart production.

Sunday, April 6, 2014

Tricking traffic RADARS

Who among us hasn't got a speeding ticket because of the speed radars that are everywhere? Some hackers have developed an extraordinary solution! You only have to tape a piece of paper over the registration plate and write an SQL injection on it.


But what is an SQL injection? It is a technique that alters existing SQL commands to overwrite values or execute commands to expose hidden data. In this case, a little trick to defeat speed radars on our roads.

How does it work? Current speed radars operate through character recognition algorithms that allow them to recognize your vehicle registration number. With a paper taped over the licence plate, it would be impossible for them to recognize it.
But here's the fun part: if an SQL injection managed to work, it could very well, for example, delete the database from the police servers.
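Whether the trick works depends entirely on how the back end handles the recognized text. The following added example (not from the original post or from any real radar system) shows the vulnerable pattern next to the hardened one; the `sightings` table, the plate format and the OCR string are all constructed for illustration.

```python
import re
import sqlite3

# Hypothetical plate format for this example: letters, digits, spaces, hyphens.
PLATE_RE = re.compile(r"[A-Z0-9][A-Z0-9 -]{1,9}")

# Constructed OCR output: what the camera "reads" from a doctored plate.
HOSTILE_OCR = "AB123', 0); DROP TABLE sightings; --"

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings (plate TEXT, speed_kmh INTEGER)")
    return db

def table_exists(db):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='sightings'"
    ).fetchone()
    return row is not None

def record_concatenated(db, ocr_text, speed):
    # Vulnerable: the OCR text becomes part of the SQL statement itself.
    db.executescript(f"INSERT INTO sightings VALUES ('{ocr_text}', {speed});")

def record_parameterized(db, ocr_text, speed):
    # Hardened: the OCR text is bound as a value and is never parsed as SQL.
    db.execute("INSERT INTO sightings VALUES (?, ?)", (ocr_text, speed))

def is_plausible_plate(ocr_text):
    # Second layer: anything that does not look like a plate goes to manual review.
    return PLATE_RE.fullmatch(ocr_text) is not None

if __name__ == "__main__":
    db = new_db()
    record_concatenated(db, HOSTILE_OCR, 88)
    print("table survives concatenation:", table_exists(db))
    db = new_db()
    record_parameterized(db, HOSTILE_OCR, 88)
    print("table survives parameter binding:", table_exists(db))
    print("passes plate validation:", is_plausible_plate(HOSTILE_OCR))
```

With bound parameters the doctored text is stored as an odd-looking plate string and nothing else happens, and the format check keeps it out of the database in the first place.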

Source : Gizmodo