The Bleeding Heart Bug

The Heartbleed bug (CVE-2014-0160) was publicly disclosed on Monday and affects specific versions of the OpenSSL application. OpenSSL is a generally used open-source implementation of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Cryptographic method and is used on about 66% of all public websites. The bug has been present in the software since December 2011.

The bug is not a weakness in SSL/TLS itself, but rather is bug in OpenSSL implementation of it that can potentially allow attackers to access the unencrypted data stored within a server’s memory. With enough data, an attacker can find out your server encryptions keys, your passwords and any other information passed over the communication. The attackers can then use the compromised keys to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Who are vulnerable?

Because of the widespread adoption of the OpenSSL software and the ability to be attacked without leaving a trace, it means that we are all vulnerable because you can’t tell if your data has been compromised.

Not only websites are vulnerable, as many hardware and software vendors implement use OpenSSL in their products. Cisco and Juniper has listed advisories warning of the bug in their products.

What should you do?

All businesses, website owners and users of affected services should take action on this bug.

Step 1: Determine if any of your servers may be affected.

You can use the check script on Filippo Valsorda’s web site to check your public services.

Check with vendors if any of your internal services may be affected.

C|NET has a list of the top 100 sites around the web to determine if they have been patched or may be affected

Website owners with their sites on hosted services should check with their service provider if they have taken action on the bug and if they were ever vulnerable.

Step 2: Patch services for which you are able to patch yourself.

These include any owned servers or virtual servers that you use, or internal, private servers or devices.

Step 3: Re-Key your SSL Certificates

This involves regenerating and reinstalling the private keys on your servers. While the risk may be small, the fact that you will not know if your key was compromised, this is a recommended precautionary step.

Step 4: Change your passwords

It’s important that you change any passwords that you may have on any of the affected systems AFTER you have patched OpenSSL and re-keyed your certificates. Doing so before you performed the prior steps means that if your keys were compromised, an attacked would be able to discover your new passwords.

If you are a service user and don’t run any services yourself, find out from the provider if they were vulnerable and if they patched their services (or use the check script in Step 1).

Don’t Panic

While the bug is serious, it’s important to not panic. Keep a clear head and follow the steps.

For more information about the bug and to keep updated check out heartbleed.com.

Original article: Don't let it ruin your day'">The Heartbleed Bug: What is it and what to do about it Don't let it ruin your day

©2025 Interxect Services Limited. All Rights Reserved.

While the report focused more on Latin America (the only Caribbean country with significant attention was Jamaica), our close proximity to South and Latin America means that we should consistently remain abreast of the developments there.

I read the reports and have distilled some of the highlights for you.

In General

A general increase in cyber incidents were reported by most countries. However, the belief is that this was due to better detection and security mechanisms put in place, indicating that attacks were happening all the time but were previously undetected. The report noted that in many instances there was no rating or scale used for the incidents that were detected.

Growth of Hactivism

An interesting trend that was noted was the growth in hacktivism or politically motivated hacking. These instances were not driven by financial gain, but were coordinated attack campaigns in response to legislative initiatives. These attacks brought the issue of cyber security to the forefront, and may have provided some benefit by making those in authority more aware of the threats out there.

Financial Losses

The report wasn’t able to quantify the losses caused by hacking, stating that it was impossible to gather, but still said that it was very high, possibly even greater than losses of any other form of crime. I find this a rather dubious claim though, and would prefer to see more evidence before stating such.

Threat to Industrial Control Systems

Industrial Control Systems (ICS) are at an even greater risk in the region, than in many other parts of the world. I gather that the report also included financial, transportation, healthcare, and telecommunications as having ICS. Trend micro found many ICS devices connected to the Internet, possibly for remote management and administration. This may not be a problem in itself, but it found that these systems will both unprotected by a password or unpatched. I know of a few cyber scams that have hit telecommunications companies within the region, but none that have hit industrial systems… as yet!

Keeping up with Cybercriminals

Trend micro found that the hackers in the region were learning from their counterparts in other developed countries, mainly from Eastern Europe. Meanwhile, law enforcement authorities were having a hard time keeping up with the cybercrime developments. The report cited inexperienced cybercrime investigators and the shortage of prosecutors who specialize in technology related offenses. There is also a need for highly skilled professionals who can secure networks, diagnose intrusions, and effectively manage cyber incidents.

Inadequate Security and Awareness of the General Citizenry

One of the conclusions formed was that the greatest form of attack was via file infections. This is an indication of insufficient security mechanisms on personal PCs and a lack of awareness of the general citizenry of how to protect themselves from cyber threats.

Impediments to Cybersecurity within the Region

The report brought to fore some of the major issues impeding the region’s cyber security efforts.

• Lack of information being shared about security events such as breaches, intrusion attempts, or attacks.
• Lack of law enforcement or federal laws and regulations.
• Skewed data about security incidents that may not be factual or just anecdotal evidence (“I heard that this happend…”).
• Differing standards as to what constituted a cyber incidents. Some countries only counted attacks on the Government as incidents, while others count everything.
• Lack of National Computer Security Incident Response Team (CSIRT).
• Lack of highly skilled professionals in the area of cyber security.

Recommendations

The report included three recommendations for governments and organizations in the region to help improve the state of cyber security.

1. Raise awareness of safe cyber habits and general cybersecurity awareness among Internet users, critical infrastructure operators, and government employees.
2. Invest in and promote enrollment in technical degree programs to ensure an ample pool of qualified candidates from which to draw professionals that would be needed to fill the increasing number of information security careers.
3. Continue strengthening policy mechanisms to assign governmental roles and responsibilities related to cyber security and codifying information sharing and cooperation mechanisms.

I would also include that the formation of CSIRT’s at both the organizational and the national levels, even at the regional level. This would help coordinate activities in addressing cyber security. And while I do not think we need to go as far as having degree programs, we do need to increase the pool of people who deeply know information security.

I recommend that you read the report here (pdf), and please forward it to others, especially those in the position to take the cause forward.

Do you think that enough efforts are being made to improve cyber security at both the organizational and that the governmental levels? Leave your comments below.

Original article: ... and what we can do about it!'">Trend Micro – Cybercrime on the Rise in Latin America and the Caribbean ... and what we can do about it!

©2025 Interxect Services Limited. All Rights Reserved.

The attacks use bots to attempt a brute force attack on WordPress installations using the default “admin” username and a dictionary of passwords.

Many websites, including ours, run on WordPress. It is recommended that you use a different administrative username and a strong password. Even if you are using a different administrative username, you should still use a strong password. See our article – 5 Tips To Help You To Secure and Manage Your Passwords – on tips for strong password creation.

The attacks have died down over time, and many ISPs have put in measures to secure their users. Our ISP put out this notice yesterday. But this is no reason to relax. Security is about eternal vigilance, and you can bet that the next wave is coming.

Original article: Widespread Attack on WordPress Websites

©2025 Interxect Services Limited. All Rights Reserved.

Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.

The vulnerability occurs only on *NIX based systems and Microsoft Windows systems are not affected by this vulnerability.

No official patch is available for MySQL 5.0.x, because that version of thedatabase server is no longer supported by Oracle. However, some Linux vendors might backport the patch from MySQL 5.1 or 5.5. This also affects people with personal blogs on private Linux hosts that use MySQL back-ends for web applications such as WordPress, Joomla and Drupal.

Any Internet accessible MySQL database is extremely vulnerable, and those in security circles are warning of a wave of attacks. To reduce the risk, configure your MySQL databases to accept connections from only authorised IP addresses and try not to allow any public IPs access to the databases.

Original article: MySQL Vulnerability Allows Attackers to Bypass Password Verification

©2025 Interxect Services Limited. All Rights Reserved.

The vulnerability is identified as CVE-2012-0217 and stems from the way Intel 64 CPUs have implemented the SYSRET instruction. The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use, that is, using a 64-bit OS; 32-bit OSes are not affected.

AMD does not implement the SYSRET instruction the same way and is not similarly affected. However, systems running on AMD64 chips may lock up under an attack and may therefore pose a Denial of Service (DoS) vulnerability.

A list of vendors and their vulnerability status is shown below. Note that this list may not be updated and you should check the CERT-US website for updates.

Interxect Services advises customers to update your systems with vendor approved patches as they become available.

Original article: CERT-US Advises that 64-bit OSs and virtualization software on Intel 64 chips are vulnerable to hacks

©2025 Interxect Services Limited. All Rights Reserved.