has released a stunning data visualization map of internet attacks. It shows a fraction of the scope of constant threats affecting countries today. You can see penetration attempts in real time over services like http (web servers) and smtp (email servers), and more.
This bookmarklet is useful to view source in Safari on Apple’s iPad. There is no built-in menu tool to do this in iOS, unlike with all desktop browsers. Oh why, Apple, do you drift ever further from user-centric software development?
On April 8 I was notified by WiredTree, our hosting company, that their servers had been patched against a newly discovered (and serious) flaw in the SSL encryption technology which underpins secure browsing over https.
It is called the Heartbleed bug.
Our servers were not affected, as they ran CentOS5 and did not use Litespeed. Other sites which did use LiteSpeed were affected.
Heartbleed, a “catastrophic” security flaw in the OpenSSL cryptographic protocol that has affected two-thirds of the entire Internet’s communications, was committed at 10:59 pm on New Year’s Eve by Seggelmann, a 31-year-old Münster, Germany-based programmer.
That night, he made an error that has been compared to the misspelling of Mississippi, a careless but almost inevitable mistake that went undetected for over two years.
Target’s had a big red target leveled at its data systems recently; the intrusion and theft of over 100 million consumer credit & debit card information is almost the largest in history.
It’s website features a notice to consumers; but strangely, 2 seconds after the home page loads, an ad overlay obscures the warning text and link.
Purposeful or by accident, it’s a big oops on top of the disaster.
See the site 1 second after load:
And 2 seconds later:
Intentional or by accident?
Does the law require companies to disclose breaches? As an aside, most States do not require the companies disclose successful network breaches to their customers. A law firm has published a useful chart to track State-by-State requirements.
Perkins Coie’s Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each state’s sometimes unique security breach notification requirements. Lawyers, compliance professionals, and business owners have told us that the chart has been helpful when preparing for and responding to data breaches.
Apple has always decided what it thinks is the best experience for its Mac users, even against conventional wisdom or established, known user preference. This has been frustrating for power users through the years, from lack of two button mice to the latest reductionist “flat design” trend in iOS7.
The latest “we know better” feature is the automatic document auto-saving (with no warning) in its home-grown applications, like Preview, TextEdit or the iWork apps. I don’t want to recall how many original photos have been destroyed after a session of quick exposure experimentation.
Good news: you can completely disable the auto-saving via this terminal command:
defaults write com.apple.Preview ApplePersistence -bool no
Google acknowledged (and fixed) a major vulnerability in its google.com and gmail.com domains.
Redirection, cross-site scripting, cross-site request forgery, and SQL-injection vulnerabilities are to websites what dandelions are to suburban lawns. Even sites maintained by experienced and highly vigilant Web developers are likely to suffer from these Web-application bugs.