Heartbleed still hurting hard. UK council fined £100,000 after data breach

A UK city council has been hit by a £100,000 fine after it suffered an embarrassing data breach as a result of not patching against the infamous Heartbleed vulnerability in a timely fashion.

Read more in my article on the Hot for Security blog.

Heartbleed is not dead. And isn’t likely to be any time soon

The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago. The others simply don’t give a damn.

Heartbleed is far from dead. 200,000+ vulnerable devices on the internet

Clearly, some manufacturers and IT teams have dropped the ball, and failed to update vulnerable systems

My bet is that there will always be devices attached to the internet which are vulnerable to Heartbleed.

OpenSSL patched against high severity denial-of-service bug, and other flaws

Phew! The high severity OpenSSL bug is not another Heartbleed, but a denial-of-service flaw instead.

Make sure you learn about it (and other vulnerabilities fixed) and take appropriate action.

Heartbleed blamed for hack that put 4.5 million patients at risk

Heartache for Community Health Systems, as an unpatched Juniper device is blamed for serious security breach.

More security flaws discovered in OpenSSL. Patch now!

Remember the Heartbleed scare which had you scurrying to change your passwords and worrying about online privacy a few weeks ago?

Well, it looks like that wasn’t the last word in security issues with OpenSSL.

Post-Heartbleed: What should you be doing about passwords?

The Heartbleed bug could be the perfect opportunity for you and your company to take another look at passwords, and make a change for the better.

Read more in my article on F-Secure’s B2B blog.

Heartbleed: Teenager charged after Canadian taxpayer hack

A 19-year-old man has been charged in connection with a hack using the Heartbleed bug which leaked 900 social insurance numbers, and caused a Canadian government website to shut down for four days.

Up to 50 million Android devices could be vulnerable to Heartbleed attack. Here’s how to check yours

Millions of Android smartphones and tablets are at risk of being attacked via the Heartbleed bug, more than a week after the security vulnerability was first made public.


Heartbleed claims British mums and Canadian tax payers as victims

The critical Heartbleed security vulnerability in OpenSSL continues to raise alarm, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.

Find out more in my article on the We Live Security blog.

Heartbleed bug *can* expose private SSL keys

If you administer a server and have so far put off revoking and reissuing your SSL certificates, it might be time to think again.

If you don’t, you could be putting your users and online customers in jeopardy.


The NSA knew about Heartbleed bug for two years, claims report

Has the United States’ National Security Agency (NSA) really known about the Heartbleed bug (and presumably exploiting it for surveillance purposes) for two years?

And, if it’s true, would you be surprised?

Read my article on the Hot for Security blog to find out more.

Heartbleed bug explained by xkcd in a way anyone can understand

It’s simply amazing how amazingly simple this XKCD cartoon is at explaining what the Heartbleed bug is all about.


In the wake of Heartbleed, watch out for phishing attacks disguised as password reset emails

It wouldn’t be a surprise if phishers used the Heartbleed scare as a way of tricking users into revealing their passwords.

Be careful what you click on, and – if you’re a website owner – don’t make your emails follow bad practices!

Read my article on the Hot For Security blog.

Here’s some really bad Heartbleed bug advice about changing your passwords

A lot of folks are going around at the moment telling the public to change all of their passwords in response to the serious Heartbleed internet security bug.

But it’s not necessarily the wisest advice.


Heartbleed OpenSSL bug: An FAQ for Mac, iPhone and iPad users

In the last couple of days you cannot fail to have seen the huge number of media articles about the so-called Heartbleed bug.

In this article for Intego’s Mac Security blog, we’ll try and answer some of the common questions that users of Apple products have raised about this issue.