04/10/2014 -
►Sixteen-year-old sophomore Alex Hribal has been charged with attempted homicide, aggravated assault, and weapons possession afterstabbing 21 students and a security officer at a Murrysville, Pennsylvania, high school yesterday. Murrysville police chief Thomas Seefeld said a lengthy investigation will be conducted to determine exactly what happened Wednesday morning in the halls of Franklin Regional Senior High School. The investigation will consider whether bullying may have been involved. Hribal allegedly ran through the halls of the school, swinging two kitchen knives until a security officer apprehended him, according to the Pittsburgh Post-Gazette. There are at least five students in critical condition at local hospitals.
►Experts are scrambling to assess the scope of the Heartleed bug, a significant flaw in software that was supposed to provide an extra layer of protection for approximately 66 percent of servers on the Internet, according to the Dallas Morning News. “This is one of the worst security issues we’ve seen in the last decade and will remain within the top five for many years to come,” said Adam Ely, COO of Bluebox Security. Many sites urged users to change their passwords, but security experts say this action may be useless until the flaw is fixed. Michael Coates, director of product security with Shape Security, tells Security Management that attackers exploiting the Heartbleed vulnerability will leave no trace within Web server logs and; therefore, it is impossible to determine if a Web site has been exploited. Coates recommends that Web site owners upgrade OpenSSL as soon as possible and reissue security certificates for SSL/TLS, as a site’s private key may have been compromised. “It is prudent to assume breach and proactively reissue security certificates,” he says. He also says that site owners should implement "perfect forward secrecy," an additional layer of security that issues random keys for each session. To view whether a Web site or server has been affected by Heartbleed.
www.securitymanagement.com
No comments:
Post a Comment