April 15, 2014
The Internet was stunned to learn of a significant vulnerabilty to security this last weekend. OpenSSL, an application that is used by software and services throughout the Internet for authorization of legitimate websites was found to have a core flaw. Essentially anyone from anywhere could send a specially crafted packet to a service or site using OpenSSL, asking if the server is still accepting communications and the server would return up to 64 Kilobytes of what was in its memory at the time of request. This return could be username and passwords, or documents, or even security certificates. The OpenSSL foundation responded and fixed the core code of OpenSSL, but there are still hundreds of thousands devices, or services that still are running the old version of the software. Please check for updates on your devices, and change any passwords for sites you maybe concerned about. However, only change those passwords after a site has patched their services, and revoked their old security certificate and created a new one.
December 5, 2013
Over 2 Million passwords to popular webpages discovered.
In Mid June, Trustwave Spiderlabs researchers were able to view information in the Pony Botnet controller that indicated that there were over 650,000 website credentials that had been harvested by this particular botnet, which, is fairly widespread. On Tuesday they announced that upon a more detailed look that over 2 million passwords have been harvested by this botnet. Many of these services have now been notified and they are taking corrective action on those accounts that have been compromised.