1. The “FREAK” bug is another vulnerability found in the SSL and TLS protocols.
This is a protocol-downgrade attack and can be used against a third of the world’s “secured” websites.
The browser vendors are working on releasing patches including Apple, Google and Microsoft.
Upshot: Be on the lookout for server patches as part of your vulnerability management. Reference the Qualys SSL client test and server test tools and disable old vulnerable protocols on your web servers.
2. Hillary Clinton was caught using “Shadow IT“ after using a personal email for communication related to her position.
This is a prime example of how even the best security policies can be bypassed by top execs.
This also brought up the debate of the security of a private-cloud vs. public-cloud email server. One is not necessarily more secure than the other.
Upshot: A strong BYOD and email use policy in addition to a security aware executive team can help.
Author: Todd Bey
Equilibrium IT Solutions, Inc.