Dr. Hayes on Heartbleed

As you may have heard by now, there’s a huge Web vulnerability called Heartbleed out there that can allow an attacker access to the memory of a server or client, including a server’s SSL private keys. What does this mean for those of us that depend on privacy and security in our everyday online interactions? We decided that there would be no one better to ask than Dr. Darren Hayes, Seidenberg’s expert in cyber security. He stated that,


“Heartbleed could be the biggest Web vulnerability ever discovered. The problem is that the vulnerability has been around for two years now, so we have no idea what information could have been stolen from big name companies. Furthermore, the message for customers is problematic because a user cannot rush to change his or her password until the Website has patched their system and purged old keys used to encrypt data. Our confidence in transacting business on banking and retail sites and checking our email with well-known service providers has essentially been shattered. Hopefully, companies will keep their customers updated on what is happening and inform their customers on best practices for security.”

It’s important for users to change their passwords on sites that have been approved. There are lists, such as this one on CNET, that state which sites are safe and which could still be vulnerable. Take the weekend to sort through your accounts to make sure your information is secure.

Seidenberg Professor James Gabberty Writes about Congress and Cybersecurity for ‘The Hill’

“In reality there is no one ‘best way’ to defend against cyber attacks because the path towards safe computing practices that could thwart attacks has been lengthy, evolving and unclear.” Read more

How should congress approach cybersecurity? And how do agencies like the FTC choose which corporations to attack when cybersecurity falters, especially when there are so few solid legal codes in place? Another of Prof. James Gabberty’s articles on the topic has been published on “The Hill’s” Congress blog; this article specifically discusses the FTC’s lawsuit against Wyndham and the resulting call to policy scrutiny. Gabberty continually publishes articles for “The Hill” and is an active part of the conversation that surrounds congress’ role in cybersecurity. His article from February, available here, also considers politics and information security.

@thehill on Twitter | TheHill on Facebook