April Patch Day, Raided Pen-Tester, and OpenSSL Heartbleed
Information security news never stops, even if I have to post it from a Changi Airport lounge. If you need to learn the latest cyber security news, including what to do about the biggest vulnerability of the year (so far), you’ve found the right weekly video blog.
This week’s “on-the-road” episode covers Adobe and Microsoft’s Patch Day, an allegory on why you should avoid greyhat pen-testing, and, most important of all, information and advice about the major OpenSSL Heartbleed vulnerability. If you use the Internet, you need to know about the Heartbleed flaw, so click play below to watch this week’s video. Finally, make sure to check the References section for links to the stories and some extras, especially if you are interested in all the WatchGuard Heartbleed information.
(Episode Runtime: 8:05)
Direct YouTube Link: http://www.youtube.com/watch?v=gEw-o2GQd1U
Episode References:
- OpenSSL Heartbleed Vulnerability
- WatchGuard releases XTM 11.8.3 Update 1 to fix Heartbleed – WGSC
- Heartbleed and XTM; how to regenerate XTM certificates – WatchGuard KB Article
- Official page and FAQ for Heartbleed bug – Heartbleed.com
- Patch Day Information
- Reddit AMA post from the greyhat pen-tester who was raided by the FBI – Reddit
Extras:
- Flaw in a mysterious Alexa top 50 website used to DDoS victims – Incapsula
- Wired.com hacked over the weekend and forced to serve malware – Seroundtable.com
- Interesting malware leverages Windows PowerShell – PCWorld
- Weev’s hacking case thrown out – Forbes
- Gang of nine hackers charged for using Zeus – Computer World
— Corey Nachreiner, CISSP (@SecAdept)
Cedric McCarthy says
After applying the heartbeat patch we should replace the certificates on the Firebox. This will affect your IPSEC VPN mobile users. What is the best way to get the new certificates to the users?
Andrew A. says
Great blog, easy to watch during a lunch break, and of course informative. Keep up the great work.