Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

BlackBerry To Patch For Heartbleed

April 25, 2014 by  
Filed under Security

Comments Off on BlackBerry To Patch For Heartbleed

BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.

“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.

Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.

Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

Source

Pentagon Practices Cyberwar

June 23, 2011 by  
Filed under Around The Net

Comments Off on Pentagon Practices Cyberwar

A mock Internet where the Pentagon can practice cyberwar games — complete with software that simulates human behavior under multiple military threat levels — is due to be up and running in a year’s time, according to a published report.

Called the National Cyber Range, the computer network mimics the architecture of the Internet so military planners can study the effects of cyberweapons by acting out attack and defense scenarios, Reuters says.

Planning for the Cyber Range was carried out by Lockheed Martin, which won a $30.8 million Defense Advanced Research Projects Agency (DARPA) grant, and Johns Hopkins University Applied Physics Laboratory, which won $24.7 million.

Cyber Range plans call for the ability to simulate offensive and defensive measures of the caliber that nations might be able to carry out. DARPA wants the range to support multiple tests and scenarios at the same time and to ensure that they don’t interfere with each other. “The Range must be capable of operating from Unclassified to Top Secret/Special Compartmentalized Information/Special Access Program with multiple simultaneous tests operating at different security levels and compartments,” according to DARPA’s announcement of the project.

Read More….