Friday, June 6, 2014

An open secret

French writer and philosopher Voltaire wrote "who reveals the secret of others is taken as a traitor; who reveals his own secret is taken as a fool". So perhaps the best way to avoid others saying bad things about you is to keep as few secrets as possible. If you have a lot to keep, it is likely that sooner or later you will end up being a traitor... or a moron.

The latter is almost what Theo de Raadt, founder of the OpenBSD operating system (Unix), called the OpenSSL team. While the consequences of Heartbleed are still hanging in the air, yesterday we learned of new critical vulnerabilities in this toolkit, which is designed to provide cryptography for communications. De Raadt's message amounts to "thanks for nothing". In his opinion the OpenSSL team tried to keep these new vulnerabilities "secret", and they apparently did so because of the dispute with LibreSSL, an unofficial version developed since April because of Heartbleed. In fact, the creator of this library removed many lines of "unnecessary" code from the original OpenSSL.

So having a secret is not good business. It is bad if you reveal it, but it is bad too if you keep it. That was the nuance that Voltaire did not include. Sooner or later, it will end up being known. The revelations of former NSA contractor Edward Snowden (Traitor? Fool?) have had such an impact on many industries that we’ve seen some people use the term "snowdened". The Cloud Security Alliance (CSA) just published a series of valuable notes on its blog, along with five questions that any CEO should put to his CIO/CISO to avoid being snowdened.

All this comes on the first anniversary of the revelation of the PRISM spy program. Some NGOs and companies like Google have "celebrated" it by launching the initiative “Reset The Net”, a campaign to educate users about the importance of encrypting their digital environments. Meanwhile, the Sophos Naked Security blog published an extensive post explaining the origins and meanings of "anti-surveillance".

Beware also of where you keep your secrets. The more compromised the files on your devices are, the easier it will be to fall into the trap of "cryptoransomware" (some words are hard to digest, visually speaking). If you install illegal software on your Android device, it is likely that some app comes with a surprise under its arm, as we told you yesterday when speaking about SimpleLocker. Also on the Sophos blog, they describe this malware in an interesting way: as a "wannabe" that seeks to imitate the already known CryptoLocker for desktops.

And finally, one of the basics to keep in mind if you don’t want to feel naked against cybercriminals is to keep your software as up to date as possible. If you use Windows, which is quite likely, you should not miss Microsoft’s next security patch, because it comes loaded with fixes for critical vulnerabilities in both Internet Explorer and Office.

