It would appear that Kim Dotcom does not trust United States-made electronics. He suggests this week that the world should "never trust US tech", using #NSA to point out a Cisco listing of lawful intercept architecture. He calls these systems "interception backdoors", suggesting that Cisco is amongst the companies that willingly allow the NSA to take hold of their data at any given time - but that's just not true.
Earlier today the folks at SRLabs demonstrated how, using a bit of wood glue and some interesting printing techniques, they were able to trick the Samsung Galaxy S5’s fingerprint scanner. This trick took the same method used for their test of the iPhone 5s’ Touch ID, much in the same way CCC (Germany’s Chaos Computer Club) tricked the iPhone 5s’ scanner this past September.
The second wave of Facebook’s sharing of Government Request data comes this week in short form. Facebook is one of a collection of groups to have begun showing off what they’re able to share about government data requests since the age of the NSA spill came to fruition last year.
This week the folks at Apple have added to the stacks of sites making clear that they were either unaffected by the Heartbleed bug or have been patched successfully. Apple has released a statement that suggests they "take security very seriously" and that iOS and OS X "never incorporated the vulnerable software" in the first place. They also made clear that "key web-based services were not affected" either.
This week there’s little question that the internet security world has been tossed down a flight of stairs. With Heartbleed, a relatively major bit of a mistake was made in OpenSSL, a form of security that most of the internet uses, resulting in a major open door for hackers and spies of all kinds. With this bug having only been discovered this week and implemented a whopping two years ago, IT professionals are notably miffed.
There should have been little doubt that once the Heartbleed bug was realized, one of the first things the public was going to do was go on a witch hunt for the person or people responsible. As it were, Mr. Robin Seggelmann of Münster in Germany says that he was only aiming to improve OpenSSL, and all allegations that he may have introduced the bug on purpose are false.
When you think about the scope of the Heartbleed bug, you have to consider that it was (and is) allowing hackers to see data - any data - stored on servers. The data vulnerable to CVE-2014-0160 (aka Heartbleed) is not limited to certain kinds of data - it’s anything and everything. So what’s to be done?