Today we are inaugurating a new section on the blog. Every week, the aim of the Weekly Cybernote will be to synthesize the top security news of the week in France and abroad, so we will choose 3 leading topics that are not to be missed. We will cover the notorious Heartbleed vulnerability that has sent waves of panic through the web this week, as well as the end of support for Windows XP, and lastly, the story of a 5-year-old boy who managed to find a flaw in the Xbox One’s system.
Heartbleed: critical security flaw on OpenSSL
The fear over the internet this week was almost palpable. Information security experts have advised administrators to fix a critical vulnerability that was identified on OpenSSL, an open source library of encryption protocols. This library is used mainly by some of the biggest names such as Google or Yahoo. This vulnerability has been named “Heartbleed”. For the average user, it affects web pages that are displayed in the browser with a padlock in the address bar. Initially, this vulnerability was discovered in December 2011, but was fixed only this week by version 1.0.1g of OpenSSL. Affected versions range from 1.0.1 to 1.0.1f (except the 1.0.0 branch and 0.9.8). Once it is exploited, this critical vulnerability will allow hackers to monitor all the information sent between a user and a web service, and to decrypt the information gathered in this manner. The hacker can then go on to spy on communications or directly steal private data from websites or from individual users. In terms of process, this vulnerability allows hackers to exploit only 64KB of memory data in a single attack, but attempts to obtain several sequences of 64KB may be successful by maintaining an active TLS link. Affecting even the biggest players on the web, this vulnerability was under the media spotlight, and fortunately, immediately set straight by the most critical infrastructures.
April 8th 2014: Microsoft officially put an end to Windows XP
The bell had been tolling for several months and has now become a reality: ever since April the 8th, Microsoft has stopped support for Windows XP. After 13 years of good and loyal service, the time has come for the Redmond firm to bid goodbye to its signature operating system. Even though Microsoft’s best recommendation was to migrate to later versions of Windows, certain critical infrastructures had no other choice but to stick with Windows XP. Nonetheless, Microsoft offers high-level support for certain privileged clients, although this remains a costly alternative even for large infrastructures. Moreover, about 30% of PCs online worldwide still run on Windows XP. Among all the alternatives to migration, we are proud to present ExtendedXP, which allows you to keep the security of your workstations in Windows XP intact even after the fateful date.
A young boy of 5 hacked his father’s Xbox One
It is said that wisdom does not come with age, and this case proves this proverb true once again. Kristoffer is a young boy of 5 living in San Diego, California. Behind this name hides what must be the youngest hacker in history. While trying to play games that his father prohibited him from playing, the young boy stumbled upon a security flaw that allowed him to break into his father’s Xbox account. By entering the wrong credentials once, and then filling the second password entry screen with spaces and pressing Enter, Kristoffer was able to gain full access to a prohibited zone in the system, thereby granting access to the Holy Grail. Microsoft acknowledged the young boy’s discovery of this flaw by rewarding him with a year-long subscription to the Xbox Live service. As for his dad, who happens to work in information security, he admitted to being proud of his son despite it all, and for a very good reason! This is one little boy whose future has already been mapped out in the field of security…