If you’re a geek, you’ll probably, like most people, visit your family for Christmas.
Like most people, you probably want to enjoy nice holidays with relatives and friends.
Unlike most people, you’ll probably have to face (many) tricky infosec-related questions during this period. So here are a few tips for geeks on that topic: three everyday analogies for the year’s big security bugs.
Heartbleed
- you want to unlock your phone, so you concentrate, and think about your PIN
- someone near you shouts “tell me what you think, chicken”
- you answer honestly (because you’re vulnerable to this particular word, like Marty McFly)
- you just leaked your secret PIN
To be exact, Heartbleed is not about a PIN, it’s about secrets in a server’s memory: an attacker could read chunks of that memory, which might contain the server’s private encryption key, users’ passwords or session cookies, and any of those grants access if you know it.
It’s not about a phone, it’s about a widely used security library called OpenSSL, and in particular its implementation of the “Heartbeat” extension of the TLS protocol (hence the name Heartbleed).
It’s a bit more complicated than just shouting ‘chicken’, but not much: the attacker sends a heartbeat message whose length field claims a payload far longer than the one actually sent, and the server answers with that claimed length, copying whatever happens to lie in memory after the real payload.
And as in the ‘chicken’ story, it’s about ‘attacking’ at the right moment: you only get whatever is in the target’s memory at that instant: “buy bread & milk”, or what’s on TV tonight… or a private key. The attacker can’t choose what comes back, but can ask again and again, each answer leaking a little more, and a plain heartbeat leaves no trace in the server’s logs.
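To make the “claimed length” point concrete, here is an added example (not OpenSSL’s code, and not part of the original post): a toy heartbeat handler in the vulnerable shape and in the shape of the fix. The record layout (type byte, 2-byte length, payload, 16 bytes of padding) is the real one; the 64-byte “arena” standing in for process memory, the “PIN=1234” secret placed behind the record and the demo-only bound that keeps the over-read inside the arena are this example’s own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not OpenSSL's code: a toy handler for a TLS
 * heartbeat record.  On the wire a request is one type byte, a 2-byte
 * big-endian payload length, the payload, then at least 16 bytes of
 * padding.  The vulnerable handler trusts the length the peer claims;
 * the fixed one checks it against the bytes actually received. */

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16
#define RESP_MAX    1024

/* Process memory as one arena (an assumption of this demo): the received
 * record sits at the front and, right behind it, data belonging to
 * someone else ("the PIN") that the peer was never meant to see. */
static unsigned char arena[64];
static const char secret[] = "PIN=1234";
static const char hello[]  = "hello";

/* Build a request whose real payload is "hello" (5 bytes) but whose
 * length field claims claimed_len.  Returns the number of bytes that
 * really arrived on the wire. */
static size_t build_arena(uint16_t claimed_len) {
    size_t rec_len = 1 + 2 + strlen(hello) + HB_PADDING;
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, hello, strlen(hello));
    /* padding bytes stay zero; the secret lives just past the record */
    memcpy(arena + rec_len, secret, sizeof secret);
    return rec_len;
}

/* Vulnerable: copies payload_len bytes out of the record no matter how
 * many bytes were received.  Returns the response length, or -1. */
static int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                                unsigned char *resp, size_t resp_cap) {
    (void)rec_len;                      /* never consulted: that is the bug */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (rec[0] != HB_REQUEST) return -1;
    if ((size_t)3 + payload_len + HB_PADDING > resp_cap) return -1;
    /* Demo-only guard so the over-read stays inside our arena and this
     * program remains well-defined.  The real code had no such limit and
     * could read up to 64 KiB past the record. */
    if (rec + 3 + payload_len > arena + sizeof arena) return -1;
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload_len);          /* the over-read */
    memset(resp + 3 + payload_len, 0, HB_PADDING);
    return (int)(3 + payload_len + HB_PADDING);
}

/* Fixed, in the shape of the April 2014 patch: discard the request when
 * header + claimed payload + padding exceeds the bytes received. */
static int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                           unsigned char *resp, size_t resp_cap) {
    if (rec_len < 1 + 2 + HB_PADDING) return -1;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (rec[0] != HB_REQUEST) return -1;
    if ((size_t)1 + 2 + payload_len + HB_PADDING > rec_len) return -1;
    if ((size_t)3 + payload_len + HB_PADDING > resp_cap) return -1;
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload_len);
    memset(resp + 3 + payload_len, 0, HB_PADDING);
    return (int)(3 + payload_len + HB_PADDING);
}

/* Run one handler on a request claiming claimed_len payload bytes.
 * Returns the handler's result (response length, or -1 if discarded). */
static int demo_len(int fixed, uint16_t claimed_len) {
    unsigned char resp[RESP_MAX];
    size_t rec_len = build_arena(claimed_len);
    return fixed ? heartbeat_fixed(arena, rec_len, resp, sizeof resp)
                 : heartbeat_vulnerable(arena, rec_len, resp, sizeof resp);
}

/* 1 if the response sent back to the peer contains the neighbouring
 * secret, 0 otherwise. */
static int demo_leaks(int fixed, uint16_t claimed_len) {
    unsigned char resp[RESP_MAX];
    size_t rec_len = build_arena(claimed_len);
    int n = fixed ? heartbeat_fixed(arena, rec_len, resp, sizeof resp)
                  : heartbeat_vulnerable(arena, rec_len, resp, sizeof resp);
    size_t slen = strlen(secret);
    for (int i = 0; n > 0 && i + (int)slen <= n; i++)
        if (memcmp(resp + i, secret, slen) == 0) return 1;
    return 0;
}

int main(void) {
    printf("honest request (claims 5):  vulnerable leaks=%d  fixed leaks=%d\n",
           demo_leaks(0, 5), demo_leaks(1, 5));
    printf("lying request (claims 40):  vulnerable leaks=%d  fixed leaks=%d\n",
           demo_leaks(0, 40), demo_leaks(1, 40));
    return 0;
}
```

An honest request (claimed length 5, real payload “hello”) is answered identically by both handlers. A lying request (claimed length 40) makes the vulnerable handler copy right through the padding into the “PIN” next door, while the fixed handler notices that 1 + 2 + 40 + 16 is more than the 24 bytes it actually received and drops the message.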
Goto fail
Here is a dialog between you and your grandma:
- You: “Grandma, you’ll guard that door. Follow exactly the instructions I’ll tell you now.”
- Grandma: “OK”
- Y: “The door should be closed”
- G: “OK”
- Y: “if it’s grandpa, leave the door open”
- G: “OK”
But then your child comes up behind you and just repeats the last part of your sentence, imitating your voice.
- child: “leave the door open”
- G: “OK”
Now the door is permanently open. Just because a statement was accidentally repeated, out of its original context.
Consequences
This is as simple as that: one line of code (“goto fail;”) had accidentally been typed twice, so the second copy was no longer attached to its “if” and ran in every case, jumping straight past the check that followed it. In Apple’s SSL/TLS code the skipped check was the verification of the server’s signature during the connection handshake, so that security door was always open: anyone who could sit between an iPhone or Mac and a website (on the same Wi-Fi, for instance) could present their own key, be accepted as that website, and read or alter the “secure” traffic without any problem. The function still reported success, because the error variable was still zero from the previous step.
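To show what the “repeated sentence” looks like in code, here is an added example that is not Apple’s source (that lives in the Secure Transport library) and not part of the original post: the control-flow shape of the bug, with the vulnerable function carrying the duplicated line and the fixed one identical without it. The step names, the toy FNV-1a hash and the stand-in signature check (the “signature” is simply the expected hash value) are this example’s own simplifications; a real implementation would verify an RSA or ECDSA signature over the same data.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not Apple's source: the control-flow shape of the
 * 2014 "goto fail" bug.  Each step records its result in err and jumps
 * to the cleanup label if it failed.  A duplicated "goto fail;" is no
 * longer attached to any if, so it always jumps, with err still 0 from
 * the previous (successful) step, and the signature check below it
 * never runs. */

typedef struct { uint32_t h; } hash_ctx;     /* toy FNV-1a state */

static int hash_init(hash_ctx *c) { c->h = 2166136261u; return 0; }

static int hash_update(hash_ctx *c, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) { c->h ^= p[i]; c->h *= 16777619u; }
    return 0;
}

static int hash_final(hash_ctx *c, uint32_t *out) { *out = c->h; return 0; }

/* Toy stand-in for the real RSA/ECDSA verification: here the "signature"
 * is simply the hash the server was expected to sign.  0 = valid. */
static int raw_verify(uint32_t hash, uint32_t signature) {
    return hash == signature ? 0 : -1;
}

/* Verifies the server's signature over (server_random || signed_params).
 * Returns 0 when the key exchange is accepted, nonzero otherwise. */
static int verify_vulnerable(const unsigned char *server_random, size_t rlen,
                             const unsigned char *signed_params, size_t plen,
                             uint32_t signature) {
    hash_ctx ctx;
    uint32_t hash;
    int err;

    if ((err = hash_init(&ctx)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, server_random, rlen)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, signed_params, plen)) != 0)
        goto fail;
        goto fail;   /* the duplicated line: always taken, err is still 0 */
    if ((err = hash_final(&ctx, &hash)) != 0)
        goto fail;
    err = raw_verify(hash, signature);   /* never reached */

fail:
    /* buffer cleanup would happen here */
    return err;
}

/* Same function without the stray line: the signature is always checked. */
static int verify_fixed(const unsigned char *server_random, size_t rlen,
                        const unsigned char *signed_params, size_t plen,
                        uint32_t signature) {
    hash_ctx ctx;
    uint32_t hash;
    int err;

    if ((err = hash_init(&ctx)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, server_random, rlen)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, signed_params, plen)) != 0)
        goto fail;
    if ((err = hash_final(&ctx, &hash)) != 0)
        goto fail;
    err = raw_verify(hash, signature);

fail:
    return err;
}

/* Constructed handshake data (assumption: arbitrary bytes standing in for
 * the real ServerHello random and the ephemeral key-exchange parameters). */
static const unsigned char k_random[] = "server random: 32 bytes of nonce";
static const unsigned char k_params[] = "ECDHE params: curve + public key";

/* The signature an honest server would produce for k_random || k_params. */
static uint32_t genuine_signature(void) {
    hash_ctx c;
    uint32_t h;
    hash_init(&c);
    hash_update(&c, k_random, sizeof k_random);
    hash_update(&c, k_params, sizeof k_params);
    hash_final(&c, &h);
    return h;
}

/* 1 if the chosen verifier accepts the key exchange with this signature. */
static int accepted(int vulnerable, uint32_t signature) {
    int err = vulnerable
        ? verify_vulnerable(k_random, sizeof k_random, k_params, sizeof k_params, signature)
        : verify_fixed(k_random, sizeof k_random, k_params, sizeof k_params, signature);
    return err == 0;
}

int main(void) {
    uint32_t good = genuine_signature();
    uint32_t forged = good ^ 0xdeadbeefu;   /* an attacker's bogus signature */
    printf("vulnerable: genuine=%d forged=%d\n", accepted(1, good), accepted(1, forged));
    printf("fixed:      genuine=%d forged=%d\n", accepted(0, good), accepted(0, forged));
    return 0;
}
```

The vulnerable verifier accepts the forged signature as happily as the genuine one, because it never looks at either; the fixed verifier rejects the forgery. Note how little the compiler helps: the second “goto fail;” is perfectly legal C, and only a warning about unreachable code (or a careful reviewer) would have flagged it.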
Shellshock
Your grandpa speaks an old forgotten dialect.
You only know one sentence in this language.
Because you learned it so long ago that you can’t clearly remember, you just think it’s a common greeting.
But it actually means “do this now”.
And your grandpa – a fragile person due to his age – would actually blindly do anything you ask him.
So far, no one noticed because no one gave an order to your grandpa in his dialect.
Yet he was vulnerable all the time (or at least, for the past 25 years). He’d just do anything if asked the right way.
Sadly, it turned out that a lot of people would actually also do the same.
In real life the ‘grandpa’ is bash, the command shell found on most Linux and Unix systems, and the ‘dialect’ is the way bash lets one program hand function definitions to another through environment variables. That feature was deliberate; the mistake was that bash kept executing whatever text came after the function definition. So anyone who could get text into an environment variable that bash would read (a web server passing browser headers to a script, for instance) could run commands on the machine. Very few people even knew the dialect existed, which is why nobody noticed for so long.
Conclusion
Of course, there were many more than 3 major events this year, but these three should be enough to convince your audience and save your holidays.
I hope this will help you face your relatives’ and friends’ questions without boring them.
May you enjoy nice holidays – Merry Christmas / happy solstice!
The post 3 Tips for Geeks to Save Their Holidays appeared first on Avira Blog.