• About

Mohammad Farooq

~ Thoughts provoker, feelings evoker

Mohammad Farooq

Category Archives: CyberSecurity

HeartBleed (OpenSSL) Vulnerability and It’s Impact

15 Tuesday Apr 2014

Posted by Mohammad Farooq in CyberSecurity, Security, Social Media, Technology

≈ Leave a comment

This vulnerability regarding OpenSSL named ‘Heartbleed’ came into the forefront on the April 8th 2014. It was discovered by a team of Google security researchers and exploited before it was disclosed to the general public. It forms a core part of the cryptographic software library in OpenSSL, and its weakness is in the SSL/TLS encryption used to secure the internet and used by websites like Google, Yahoo, Reddit etc. This vulnerability is open to being stolen by hackers and security agencies like the NSA. OpenSSL is open source and is maintained by a team of development volunteers who rely on donations for support.

  A lot of websites by now, have already fixed this vulnerability, but some still are in the process of fixing it. Google and Yahoo have already fixed it. Other popular websites like Microsoft Hotmail and others remain unaffected because they do not use OpenSSL. In Canada, their tax authority as of last week stopped collecting taxes as a result of this bug. It recently disclosed that social insurance numbers of over 900 customers have been compromised or stolen by hackers. Security experts have said that since this vulnerability had existed in OpenSSL for almost 2 years, so it is possible for the bug to have been exploited by hackers.

 Why is it named ‘Heartbleed’? The reason is; it exploits a built in feature in OpenSSL named Heartbeat. When we access a website like Gmail, it responds back to make us aware that it is active and listening to our requests. This exchange of information is done via the use of data.  Accessing a website would only result in that amount of data being transferred back that was originally sent by us in our initial request. The websites that are vulnerable to ‘Heartbleed’ do not exhibit this behavior described above. The hacker or any individual exploiting this bug on the affected server would be able to gather more data than sent upon the original request up to 65,336 bytes. Due to it,our sensitive data like email, banking, social media, e-commerce, login details are open to being stolen. So are credit card details if stored there.

 In the aftermath of the vulnerability being disclosed, various websites affected have scrambled quickly to apply the fix. Certain websites have been created to check for the ‘Heartbleed’ vulnerability for users. To confirm whether the website being used is still vulnerable or not can be checked here:

                     https://filipo.io/Heartbleed/

                                          The safety precautions given would recommend changing the passwords immediately for all websites affected. Before doing that, it would be beneficial to confirm whether the exploit has already been patched by the relevant website or not. The website URL provided above should be able to reveal that. For example, the famous cloud storage website Box.com has confirmed recently a week after the bug was disclosed to the masses, that it had fixed its website for ‘Heartbleed’. It has recommended all its users to please reset their passwords. Not are only websites affected by it, but also certain networking equipment provided and made by Juniper networks and Cisco Systems. Blackberry has also confirmed, that its popular cross platform messenger service BBM is affected by ‘HeartBleed’. The update has been released on the iOS and Android platform recently. Other Blackberry devices remain unaffected as of now.

 As per the disclosure, the massive impact that ‘HeartBleed’ vulnerability has had in the past week or so, it is possible to come across another major security threat like this again.

image

*Image has been taken from this url :

http://cdn.itproportal.com/big_files/heartbleed-infographic-how-works-large.jpg

Cyber Child Protection: Dangers And Guidelines

03 Thursday Apr 2014

Posted by Mohammad Farooq in Children, CyberSecurity, Internet, Technology, Tips

≈ Leave a comment

Tags

CyberChild Protection, Internet, Safety, Security

In this era of the internet; it is imperative that we protect our children online in the same manner as we do in the real world. For parents; it is of great significance to guide children in using the internet, teaching them its merits and demerits. Children should use the internet as a tool to gain positive experiences online, learn and use it safely.

  The internet opens up an exciting world of opportunities for children and the whole family. The internet is a source of entertainment, education and information. Exposure to various cultures and ways of life online, interacting with people from different countries opens up endless possibilities. It expands the horizons of children on a whole. Being online means there are no borders that need to be breached. The use of the internet involves risks and challenges that need to be addressed, particularly in the case of children. Parents have to realize and know about what kind of content their kids view online.

  Children can be exposed to content that is explicitly violent; prohibited or illegal. They are at risk of experiencing cyber bullying or being contacted by strangers. Children can get into serious trouble by revealing a lot about themselves by giving out personal information to strangers online; unknowingly. Two kidnapping cases have come to the forefront in Pakistan in the last year or so. The use of internet is growing among children because of exposure to smartphones and tablets.

Guidelines for parents for keeping their children safe online:

1)     Observe what content is being viewed and watched online by your children.

2)      Learn about the technologies that your children are using, educate yourself well in regards to it.

3)      Talk to your children about using the internet and tell them to share their experiences with you. Be friendly and cooperative while having a discussion to make them feel secure. Explain them, the risks and benefits of the content being viewed online.

4)      Reach to an agreement with your children in regards to internet usage; time limitations can be put in place. Use of internet should not be allowed before going to bed for example?

5)      The computer should be placed in a family area of the home for example the hallway or lounge.

6)      Smartphones, tablet usage should only be allowed in your presence only. Applications and games installed being played on them should be thoroughly checked for any violence or content that is ‘inappropriate’ for your children.

7)      No personal family information or photographs should be shared online without the consent and permission of the parents.

8)      Install an internet filter.

9)      Encrypt your home Wi-fi network with strong passwords and do not share them with your children.

10)  Monitor any explicit changes in behavior of your children after using the internet. Take them into confidence, discuss the issues that are hampering him to help them alleviate their pain.

image

Enter your email address to follow this blog and receive notifications of new posts by email.

Categories

  • Architecture
  • Art
  • Audit & Assurance
  • Biography
  • Books
  • Business
  • Censorship
  • Children
  • CyberSecurity
  • Depression
  • Disorders
  • E-Commerce
  • Faith
  • Family Portraits
  • General
  • Health
  • History
  • Hope
  • Humanity
  • Inspiration
  • Internet
  • Life
  • Literature
  • Love
  • Markets
  • Media
  • Memories
  • Motivation
  • Net Neutrality
  • NetFreedom
  • Opinion
  • Pakistan
  • Peace
  • Psychological Issues
  • Rantings
  • Romance
  • Saadat Hassan Manto
  • Security
  • Self Belief
  • Social Media
  • Society
  • Struggle
  • Technology
  • Tips
  • Tolerance
  • Tributes
  • Uncategorized
  • Websites

Calendar

January 2023
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
« Dec    

Tags

Abraaj Group Arif Naqvi Depression Feelings Health History Hope Hypocrisy International Finance Corporation (IFC) Life Media Mental Torture Netizens Pakistan Saadat Hassan Manto

Me

Mohammad Farooq

Mohammad Farooq

Busines Journalist and ex-Senior Sub-Editor at Profit by Pakistan Today. Bylines in Dawn, Livemint India, Huffington Post, Express Tribune, MIT Techreview Pakistan,IGN Pakistan, . Interested in Technology affairs, history buff and Part qualified accountant.

View Full Profile →

A lot has been going on…

  • My Angelic Grandmother December 14, 2021
  • A man for all seasons: Shahid Jalal August 19, 2020
  • The Merchants of Death June 18, 2020
  • The renaissance of reading books again September 25, 2019
  • Privilege is abusive July 31, 2019

Blog at WordPress.com.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Mohammad Farooq
    • Join 38 other followers
    • Already have a WordPress.com account? Log in now.
    • Mohammad Farooq
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar