Monday, June 23, 2014

Heartbleed patching effort stalls at around 300,000 vulnerable servers


Network World Security



Heartbleed patching effort stalls at around 300,000 vulnerable servers
Despite a great start, the rate of patching OpenSSL servers against the critical Heartbleed vulnerability has slowed down to almost a halt. Around 300,000 servers remain vulnerable and many of them are unlikely to get patched anytime soon. Over the past month only around 9,000 servers were secured, a far cry from the almost 300,000 servers patched during the first month after the vulnerability was revealed. The Heartbleed flaw was publicly disclosed in early April and allows attackers to extract information from the memory of servers that run OpenSSL 1.0.1 through 1.0.1f, if they support an SSL feature called “heartbeat.” The extracted information can include user passwords and long-term server private keys that can be used to decrypt SSL traffic captured from servers.


WHITE PAPER: HP

Why you need a next-generation firewall
This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations.

WEBCAST: Dell SecureWorks

What Can Security Leaders Do to Combat Cyber Threats?
Training employees to understand the risk they create for your organization when they don't consider security in their day-to-day activities is a challenge for most IT and IT security organizations. Changing behavior is always difficult, especially when security awareness programs lack a well-defined approach and dedicated resources.

The 8 scariest digital security stories of 2014 (so far)
Bad moon rising: Barely halfway through 2014, the year's already poised to become the scariest yet for digital security—topping even 2013's massive Target breach. We’ve seen hacks against big-name retailers like eBay, Michael’s, and Neiman Marcus—plus hotels, online forums, and numerous other websites. The current tally of compromised credit cards from major breaches is closing in on 5 million, and online accounts?—half a billion.

Exposing hidden domain registrations could hurt innocent users more than criminals
Banning the use of privacy and proxy services to hide details of domain name registrants would scarcely inconvenience criminals but would have privacy implications for lawful users of those services, according to a study. The Whois system, a distributed database containing the contact details of companies and individuals who have registered domain names, is under review by its operator, the Internet Corporation for Assigned Names and Numbers (ICANN). The organization says privacy and proxy services play a role in obscuring the identities of parties engaged in illegal or harmful activities such as phishing, typosquatting, hosting child abuse sexual images, advanced fee fraud, or the online sale of counterfeit pharmaceuticals.


WHITE PAPER: Dell, HP, Juniper Networks, McAfee

The Next Generation Firewall Challenge
The Next Generation Firewall needs to be able to combat Advanced Evasion Techniques (AET) and understand the nature of attacks, so it will not be chasing hackers, but getting ahead of them. The NGFW needs to be supported by up-to-the-minute research with the ability to get the information into the field fast and effectively.

Open source proxy servers challenge commercial wares
Open source products prove themselves capable, but a bit rough around the edges.

Ad network compromise led to rogue page redirects on Reuters site
Users who accessed some stories on the Reuters website Sunday were redirected to a message from hackers criticizing the news agency’s coverage of Syria. The attack was carried out by the Syrian Electronic Army (SEA), a hacker group that’s publicly supportive of Syrian President Bashar al-Assad and his government and which has targeted various media organizations in the past, including IDG. “Stop publishing fake reports and false articles about Syria! UK government is supporting the terrorists in Syria to destroy it. Stop spreading its propaganda,” the rogue message seen by some Reuters.com visitors read.


WHITE PAPER: BMC Software

IT Friction and Your Organization
This report outlines key issues that cause friction between business users and IT.

INSIDER
Review: Open source proxy servers are capable, but a bit rough around the edges
Providing a common gateway for web services, caching web requests or providing anonymity are some of the ways organizations use proxy servers. Commercial proxy products, especially cloud offerings, are plentiful, but we wondered if open source or free products could provide enterprise-grade proxy services.

Google develops own 'boring' version of OpenSSL
A Google engineer wrote that the project isn't designed to replace OpenSSL.


SLIDESHOWS

5 potential Facebook killers

Outside of the obvious suspects – LinkedIn, Twitter and Google+ – who has the potential to unseat Facebook? Here are five possibilities.


Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701
