ZDNetGovWeek: Heartbleed worldwide roundup special issue

It's likely to be the worst vulnerability ever on the Internet. ZDNet's editors have been looking at the problem from all sides, including how to protect yourself and your users. This is our worldwide roundup special issue. Everything you need to know is in here.
Written by David Gewirtz, Senior Contributing Editor

ZDNet's worldwide team provides global 24/7 technology news and analysis. In addition to my own coverage analysis here in the ZDNet Government column and on ZDNet's DIY-IT, every week I'll bring you a selection of the best government-related articles posted by our intrepid reporters and analysts. Here are some of the most interesting from the last week.

ZDNet's Heartbleed worldwide coverage

Heartbleed's lesson: Passwords must die
With the multitudes of accounts we have to deal with for email, social networking and other applications that require password authentication, we need a better solution.

Worried about Heartbleed? LastPass' Security Check has you covered
LastPass has updated its built-in Security Check so that you can now easily see which sites require you to update your passwords to be safe from possible Heartbleed attacks.

How the NSA shot itself in the foot by denying prior knowledge of Heartbleed vulnerability
In admitting it didn't know about a massive security flaw in one of the Web's most used encryption libraries, the NSA inadvertently revealed a massive institutional failure.

CloudFlare keys snatched using Heartbleed
CloudFlare's analysis Friday that Heartbleed may not be able to recover private keys turns out to be wrong. Two candidates recovered the keys from their challenge server.

SANS warns end users against Heartbleed patch panic
While Heartbleed client-side attacks are possible, the SANS Institute warns that home users rushing to patch are more at risk of falling for scams — but change passwords regardless.

Private keys may be inaccessible to Heartbleed
[UPDATED] Research by CloudFlare indicates that Heartbleed can be used to obtain contents of server memory, but not private keys.

Before Heartbleed: Worst vulnerabilities ever?
There have been some pretty bad vulnerabilities before Heartbleed. Is it really any more severe than CodeRed or Blaster?

Android fragmentation turning devices into a toxic hellstew of vulnerabilities
With vulnerabilities such as Heartbleed and Pileup likely to go unpatched on tens, if not hundreds of millions of Android devices, the platform is fast becoming a toxic hellstew that should send chills down the spines of IT admins.

Apple's iOS, OS X don't have Heartbleed bug but BBM for iOS and Android do
Apple iOS and OS X devices aren't affected by the Heartbleed bug, but BlackBerry's BBM and Secure Work Spaces are — and the company says it lacks a fix for the issue.

Heartbleed's engineer: It was an 'accident'
The programmer responsible for code leading to Heartbleed says the flaw was accidental, despite its catastrophic consequences.

Heartbleed soul-search: regulation proposed for critical crypto code
Sophos' James Lyne delivers an impassioned speech on how we got to the point Heartbleed was possible and why we shouldn't be surprised it happened.

Lagging Android devices vulnerable to Heartbleed
Lack of patches and upgrade paths for Android is leaving devices vulnerable to Heartbleed exploits, security researchers from the SANS Institute and Sophos have said.

How to protect yourself in Heartbleed's aftershocks
The companies know what to do about Heartbleed now. Here's what you, as an individual, need to do now.

Cisco, Juniper products affected by Heartbleed
[UPDATE] Many networking products, including hardware, also run OpenSSL, the critical software component with a severe information disclosure vulnerability.

Other government coverage around ZDNet

Senate passes modified DATA Act, tosses it back to the House
If also passed by the House and signed by the Pres, this bill would give researchers, watchdogs, and data miners more standardized data on US spending to mine and analyze.

South Korea to mandate anti-theft mobile feature
Ministry of Science, ICT and Future Planning has completed development work on a new security feature, called Kill Switch, which it wants to make available in all smartphones sold in the country.

Dropbox defends appointing Condoleezza Rice to board
Dropbox experiences some more growing pains, but this time the hubbub concerns privacy and PR versus performance issues.

Judge enhances FTC's power to sue over security breaches
The broadening of the FTC's powers to include cybersecurity and lawsuits over security breaches extends the government's ability to destroy businesses.

Facebook updates transparency report with content removal requests
Facebook's seasonal transparency report is expanding beyond just offering a glimpse at the number of government requests for account information.

Four of Sweden's telcos stop storing customer data after EU retention directive overthrown
Sweden's telecoms operators have stopped collecting subscriber data despite the country's data retention laws remaining in force.

'It's the size of the fight in the dog': Privacy scandals opening up cloud market to Europe's startups
A two-year-old startup from Finland is going after the likes of Amazon and Google, claiming the NSA's snooping has helped upstarts get a foothold in the cloud market.

US set to boycott Brazil's anti-surveillance plans
Government-sanctioned surveillance will be a key theme at Internet governance event this month but the US will avoid "excessive deliberation" on the topic

FTC calls out Facebook, Whatsapp over privacy ahead of merger
Facebook might have its work cut out for it as it presses ahead with a multi-billion deal to buy the popular messaging service.

BlackBerry has 'no plans' to issue transparency reports on gov't data requests
The encrypted email provider and phone maker said it would not be following suit with other technology firms — at least for now.

TPP looming as Abbott ticks off trade agreements
As Prime Minister Tony Abbott winds his way through Asia signing off on various free-trade agreements, the Trans-Pacific Partnership negotiations continue in the background, edging closer to conclusion.

Editorial standards