bennyboy64 writes: IT security industry experts are beginning to turn on Google and OpenSSL, questioning whether the Heartbleed bug was disclosed "responsibly". A number of selective leaks to Facebook, Akamai and CloudFlare occurred prior to disclosure on April 7. A separate, informal pre-notification program run by Red Hat on behalf OpenSSL to Linux and Unix operating system distributions also occurred. But router manufactures and VPN appliance makers Cisco and Juniper had no heads up. Nor did large web entities such as Amazon Web Services, Twitter, Yahoo, Tumblr and GoDaddy, just to name a few. The Sydney Morning Herald has spoken to many people who think Google should've told OpenSSL as soon as it uncovered the critical OpenSSL bug in March, and not as late as it did on April 1. The National Cyber Security Centre Finland (NCSC-FI), which reported the bug to OpenSSL after Google, on April 7, which spurred the rushed public disclosure by OpenSSL, also thinks it was handled incorrectly. Jussi Eronen, of NCSC-FI, said Heartbleed should have continued to remain a secret and be shared only in security circles when OpenSSL received a second bug report from the Finnish cyber security centre that it was passing on from security testing firm Codenomicon. "This would have minimised the exposure to the vulnerability for end users," Mr Eronen said, adding that "many websites would already have patched" by the time it was made public if this procedure was followed.
bennyboy64 writes: An Australian university appears to be excelling at cultivating some of Australia's best computer hackers. Following the University of NSW's students recently placing first, second and third in a hacking war game (the first place winners also won first place last year), The Sydney Morning Herald reports on what exactly about the NSW institution is breeding some of Australia's best hackers. It finds that a lecturer and mentor to the students with controversial views on responsible disclosure appears to the be the reason for their success.
bennyboy64 writes: Smartphones that offer the ability to 'remote wipe' are great for when your device goes missing and you want to delete your data so that someone else can't look at it, but not so great for the United States Secret Service, ZDNet reports. The ability to 'remote wipe' some smartphones such as BlackBerry and iPhone was causing havoc for law enforcement agencies, according to USSS special agent Andy Kearns, speaking on mobile phone forensics at a security conference in Australia.
bennyboy64 writes: The former chief information security officer (CISO) for the US state of Pennsylvania, Bob Maley, today confirmed rumours at the AusCERT 2010 security conference in Australia that he was put out of a job for disclosing information about a security incident at another conference earlier in the year, ZDNet reports. In March, SC Magazine reported Maley as being let go following an appearance at the RSA Conference in the United States.
bennyboy64 writes: iTnews reports that consumers wanting to safely connect to their internet banking service should use Linux or the Apple iPhone, according to a detective inspector from the New South Wales (NSW) Police, who was giving evidence on behalf of the NSW Government at a public hearing into Cybercrime today in Sydney Australia. Detective Inspector Bruce vad der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online.'If you are using the internet for a commercial transaction, use a Linux boot up disk — such as Ubuntu or some of the other flavours," he said. He also said the iPhone was safe for browsing to internet banking websites.
bennyboy64 writes: "In what may be one of the largest roll-outs of Microsoft's new Windows 7 Operating System yet, Australia's Federal Government decided to give 240,000 Lenovo IdeaPad S10e netbooks to Year 9-12 students, which officials are coining as 'unhackable'. iTnews reports that the laptops come armed with an enterprise version of the new Windows 7 OS, Microsoft Office, the Adobe CS4 creative suite, Apple iTunes, and content geared specifically to students. The New South Wales (NSW) Department of Education CIO Stephen Wilson said that schools were 'the most hostile environment you can roll computers into.' While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM and a six hour battery, the cost to the NSW Department of Education is under AUD$500 (USD$435) a unit. Wilson praised Windows' new Operating System: 'There was no way we could do any of this on XP,' he said.'Windows 7 nailed it for us.' At the physical layer, each netbook is password-protected and embedded with tracking software that is embedded at the BIOS level of the machine. If a netbook were to be stolen or sold the Department of Education is able to remotely disable the device over the network. Each netbook is also fitted with a passive RFID chip which will enable the netbooks to be identified 'even if they were dropped in a bathtub.' Being passive, an RFID reader needs to be within close proximity of the device to read it. The Deparment of Education also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed on the device."
bennyboy64 writes: "A multi-million dollar nanotechnology tool to be launched in Australia next March could yield new anti-counterfeiting technology. Monash researcher Matteo Altissimo said Monash were in discussions about using the tool for improving banknote fraud prevention, but could not name the researchers or organisations involved due to non-disclosure agreements. The etching device will be housed in Monash University's upcoming Melbourne Centre for Nanofabrication (MCN), which will pay 1.5 million Euros (USD$2.2m) for the machine and an additional estimated $30,000 per year for related utilities. One example of EBL-related anti-counterfeit technology is Exelgram, which was developed by CSIRO in the 1990s and has been used in Hungrarian, Estonian and New Zealand bank notes, Ukranian visas and American Express travellers' cheques."
bennyboy64 writes: "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers.
"Once an ISP has detected a compromised computer or malicious activity on its network, it should to take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem," the new code states.
The code won't be mandatory but it's expected the ISP indutry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."