Friday, January 2, 2015

Top 5 security stories 2014

2014 will long be remembered for epic hacks and major security vulnerabilities.
We thought we had seen it all after the SSL vulnerability pierced the heart of the internet and raised serious concerns about encryption, but more attacks kept coming, such as the devastating attack on Sony, Heartbleed, and Shellshock, which shook the Unix scripting world.

The following are the top 5 security stories of 2014:

1. Go(ing) to fail bug:
Apple fixed the bug in iOS 7.0.6.
It seems Apple programmers forgot to add validation steps :-D
An excerpt from the Apple support portal on the goto fail bug:
For more information go to:

Lesson learned: silly mistakes like these often put big companies at risk.

2. Sony: insider track attack.
We fret about digital security and often forget physical security. It is this mistake by Sony that made the whole business world rethink its security policies in and around office premises.

Lesson learned: secure office premises are just as important as digital security.

3. Heartbleed:

A security loophole in the encryption used to avert data risks.
What an irony!

Lesson learned: testing is very, very important.

4. Shell shock:

A shocking security loophole in the Bash scripting shell. :-O
Well! It's a great shock to me as a Linux enthusiast. We have all taken Unix/Linux for granted when it comes to security.

Lesson learned: loopholes can exist in any program, be it a Unix/Linux script or shell.

5. POODLE: also known as the SSL 3.0 Vulnerability and Information Disclosure Vulnerability

Though POODLE is not as major as Heartbleed or Shellshock, it left Oracle cloud users in a dilemma over whether their data had already leaked or was still secure. Even a technology giant like Oracle uses third-party software code as is, without proper testing.

Lesson learned: know your code, and minimize the number of issues by testing products integrated with third-party programs such as SSL 3.0.
