Heartbleed Vulnerability – Affected Online Banking, Social Media, and Web Apps

Heartbleed, the newest addition to the list of high-profile bugs, has been described as a catastrophe by Bruce Schneier, who wrote in his blog post:

On the scale of 1 to 10, this is an 11

and rightly so. We use the Internet today to have private conversations with friends and family, conduct business, and perform online transactions, all of which are protected by encrypting the traffic between a client (you) and the server with a set of protocols called Secure Sockets Layer (SSL), today better known as TLS. SSL uses the server's public/private key pair to agree on a session key that then encrypts everything both sides send; the private key itself never leaves the server. It is the digital version of two people each holding a key to a locked case. Heartbleed, a bug found independently by a member of Google's security team and by Codenomicon, strikes not at the SSL protocol itself but at OpenSSL, the library most servers use to implement it: a missing bounds check in its "heartbeat" extension lets a client read chunks of the server's memory, which can include that private key, session cookies and whatever else you or the server have put in the case.

Sounds horrible enough, right? Indeed it is. Anyone able to send heartbeat requests to a vulnerable server could have pulled up to 64 KB of its memory per request, repeatedly and without leaving a trace in the server's logs. Against major social media and banking applications that means session cookies, passwords and private keys, which in turn can be used to read private information or commit financial fraud.
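The bug itself is small enough to show in a few lines. The following is an added example, not code from this blog or from OpenSSL: it models the heartbeat record format ([type][payload_length][payload][padding]) and places a vulnerable handler, written after the pre-fix OpenSSL logic that trusts the peer-supplied length, beside a fixed one that carries the length check OpenSSL 1.0.1g added. The record and the "SESSION=" bytes next to it are constructed demo data in a single array, so the over-read is a real memcpy past the record but stays inside memory the program owns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* minimum padding required by RFC 6520 */

/* Heartbeat record as OpenSSL 1.0.1 parsed it:
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16)
 * rec_len is the number of bytes that actually arrived in the TLS record. */

/* Vulnerable handler: the peer-supplied payload_length drives the memcpy.
 * Returns the number of bytes written to out, or -1. */
int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;                                       /* never consulted: that is the bug */
    unsigned payload = ((unsigned)rec[1] << 8) | rec[2];
    if (3 + payload + HB_PADDING > out_cap) return -1;   /* demo guard for 'out' only */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);                   /* reads past the record when payload lies */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)(3 + payload + HB_PADDING);
}

/* Fixed handler: refuse any record whose claimed payload does not fit in what was received. */
int heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING) return -1;             /* silently discard */
    unsigned payload = ((unsigned)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len) return -1;   /* claims more than was sent */
    if (3 + payload + HB_PADDING > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)(3 + payload + HB_PADDING);
}

/* Constructed demo memory (not a real capture): a record whose header claims 40
 * payload bytes but carries 4, followed by bytes that merely sit next to it. */
static const uint8_t arena[] = {
    HB_REQUEST, 0x00, 0x28,                   /* claimed payload_length = 40 */
    'p', 'i', 'n', 'g',                       /* the 4 bytes actually sent */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,       /* 16 bytes of padding */
    'S','E','S','S','I','O','N','=',          /* adjacent memory, not part of the record */
    'd','e','a','d','b','e','e','f','c','a','f','e', 0
};
#define RECORD_LEN (1 + 2 + 4 + HB_PADDING)  /* 23 bytes really on the wire */

/* Same record with an honest length field, to show the fixed handler still answers. */
static const uint8_t honest[] = {
    HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
};

static int contains_secret(const uint8_t *buf, int n)
{
    const char *needle = "SESSION=";
    int k = (int)strlen(needle);
    for (int i = 0; i + k <= n; i++)
        if (memcmp(buf + i, needle, (size_t)k) == 0) return 1;
    return 0;
}

int vulnerable_leaks(void)                    /* 1 if the response carries neighbouring memory */
{
    uint8_t out[128];
    int n = heartbeat_vulnerable(arena, RECORD_LEN, out, sizeof out);
    return n > 0 && contains_secret(out, n);
}

int fixed_rejects(void)                       /* 1 if the fixed handler drops the lying record */
{
    uint8_t out[128];
    return heartbeat_fixed(arena, RECORD_LEN, out, sizeof out) == -1;
}

int fixed_answers_honest(void)                /* bytes returned for the honest record: 23 */
{
    uint8_t out[128];
    return heartbeat_fixed(honest, sizeof honest, out, sizeof out);
}

int main(void)
{
    printf("vulnerable handler leaks adjacent memory: %s\n", vulnerable_leaks() ? "yes" : "no");
    printf("fixed handler rejects lying record:       %s\n", fixed_rejects() ? "yes" : "no");
    printf("fixed handler answers honest record with %d bytes\n", fixed_answers_honest());
    return 0;
}
```

The whole vulnerability is the one comparison `1 + 2 + payload + 16 > rec_len`: with it missing, a 16-bit length field lets a client ask for up to 65535 bytes while sending almost none, and the server obligingly copies whatever follows the record in its memory into the reply.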

Fortunately there is a way of knowing whether any of your online services were affected, so I spent the better part of last night creating a script that checks a list of social media and banking websites for the vulnerability. I am putting up the list in this blog. If any web app you use is in the list of affected apps, you must change the password for that application RIGHT AWAY, once the site has patched and reissued its certificate: a new password typed into a server that is still vulnerable can be leaked just as easily as the old one. That is, of course, if you don't want Neo to read your private conversations on Facebook or transfer all of your money into his account. I realize that, knowing the seriousness of this bug, you are on the edge of your seat, waiting anxiously for the list. Well, here you go. Continue reading

Spotflux.. No More! Pakistan Telecommunication Authority Blocked Access to Spotflux in the Country

Spotflux, a free proxy service that lets people reach uncensored content on the internet, has finally been banned by the Pakistan Telecommunication Authority (PTA). We tweeted on January 28 about PTA interrupting Spotflux's service by blocking ping requests to its servers. That now looks to have been a test run for a full-fledged ban on Spotflux, and quite possibly on other proxy services in the future.

Spotflux isn't the only web application to face a ban in Pakistan. More than a year ago, PTA banned YouTube, blaming the controversial movie trailer Innocence of Muslims for civil unrest in the country. Skype and Viber have also been blocked temporarily on security grounds, citing an impending terrorist attack. Continue reading

National Security Agency – To Exploit and Infect

The National Security Agency, a name familiar to both computer professionals and Hollywood spy/Sci-Fi movie lovers alike, follows its official motto,

Collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information and data for foreign intelligence and counterintelligence purposes to support national and departmental missions

to its core and beyond. It is the largest intelligence agency in the United States and operates under an Executive Order from the President that allows it to use clandestine means to serve its purpose. With that legal cover, a workforce of 30,000 to 40,000 highly skilled computer architects, mathematicians and cryptologists, and a whopping budget of over $10 billion, the NSA is capable of pulling off surveillance projects with global implications. Some of the famous ones include PRISM, the NSA's reported direct access to Facebook, Google and Apple user data; its efforts to unmask Tor users; and the most recent one: a top-secret, extremely talented hacking unit that performs operations which cannot be carried out by the usual hacking means.

Continue reading