This month has brought us the mad scramble to deal with the Heartbleed bug. Many fingers were pointed at Governments and agencies about poor security, and largely the finger pointing was accurately placed.
But what about the risk of open source? It is still problematic to try and use open source tools like SSL, but it is not overly more risky than big name closed ecosystems, MS and Adobe, for example. The problem though can be markedly more difficult however in terms of detection and implementation of a fix. The open source concept is great at rapid development and a true uniqueness which can only be developed in a free form environment, but it is also this environment which can keep developers from focussing on the end product, testing and retesting to find problems and satisfy a client. Not so bad for Mom's flower shop, but a very bad thing for the Canadian Revenue Agency and other similar organizations as we've seen.
Protection of these types of systems remains of vital national importance and open source cannot be risked in these cases. A closed, secure and easy to update and patch system is the best bet for secure sites, or if open source is the only option, then a dedicated in house programmer corps must be set in place to test and develop a unique flavour for a given organization to ensure protections are in place, and not just cyber-crime monitors, which are useless in situations such as this where internal alarms are not able to respond to these problems.
That being said, there was a fairly good reaction to Heartbleed once detected with a fairly rapid deployment of fixes. There will undoubtedly be blowback over the next few months as internal security agencies and companies start to reveal the extent of damage from Heartbleed. Anyone suspecting they were impacted should take the time to report their information to the standard credit agencies, banks and police. For the general populace, a change up of sensitive passwords should be looked at, particularly tax agency, banking and medical sites with prime identification information.
Starting next month, we will be looking at some of the more practical sides of investigations, and will expand on the actual experiences of private investigations, mixed in with some tips for private individuals and companies to look at. We hope you'll join us!
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
No comments:
Post a Comment