Today’s topics include Mozilla’s decision to disable “opportunistic encryption,” new threat intelligence services from Cisco, a fresh collaboration between IBM and NASA and findings about the vulnerability of the Global 2000.
Mozilla has had a change of heart regarding opportunistic encryption—for now. The company rolled out its open-source Firefox 37 Web browser on March 31, including an important new feature called opportunistic encryption.
However, due to a security issue related to opportunistic encryption, Mozilla disabled the feature in the Firefox 37.0.1 update released April 3. The security issue is located in Mozilla’s HTTP Alternative Services implementation, which is connected to the opportunistic encryption capability.
Mozilla plans to re-enable the encryption feature once it resolves the security issue.
Cisco recently announced new threat intelligence and incident response services. These come to Cisco thanks in part to the integration of technologies from ThreatGrid, a company Cisco acquired in May 2014.
Helping to push forward the new threat intelligence capabilities is co-founder and former CTO of ThreatGrid Dean De Beer, who is now principal engineer of Advanced Threat Solutions at Cisco.
Cisco’s Advanced Malware Protection platform is now being expanded with the help of ThreatGrid’s platform. IBM and NASA are collaborating on a global code-a-thon where developers will be tasked with building applications that bolster space exploration missions and help to improve life on Earth.
IBM announced that it will provide its Bluemix platform for the NASA Space App Challenge Virtual Event to help developers rapidly build apps that contribute to space exploration and solve global challenges.
Nearly three-quarters of the Global 2000 continue to be vulnerable to cyber-attacks because they have not fully hardened their systems against the effects of the OpenSSL Heartbleed vulnerability reported a year ago, according to a report from encryption key management firm Venafi.
Using scans of Global 2000 companies’ public-facing systems, the firm found that 74 percent of the businesses are still vulnerable to the fraudulent use of encryption and certificate keys stolen in the days following the disclosure of the Heartbleed vulnerability. Eight months ago, 76 percent of companies were vulnerable, Venafi reported.