The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago. The others simply don’t give a damn.
Web servers around the world are at risk from a serious security vulnerability, dubbed the DROWN attack, which could allow hackers to steal private information.
A new version of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is due to be released this Tuesday 1 March, fixing a number of security defects rated as “high severity.”
A high severity security hole in OpenSSL, saw it reusing prime numbers in the Diffie-Hellman protocol, opening opportunities for attackers to decrypt supposedly safely encrypted communications.
Read more in my article on the Hot for Security blog.
OpenSSL has a “high severity” bug.
Find out more, including details of the upgrade, and patch any vulnerable software.
Fingers crossed, this new vulnerability in OpenSSL won’t be anything like as serious as Heartbleed.
Phew! The high severity OpenSSL bug is not another Heartbleed, but a denial-of-service flaw instead.
Make sure you learn about it (and other vulnerabilities fixed) and take appropriate action.
Vulnerability in OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is described as “highly serious”.
Google has released Android Kitkat 4.4.4, for Nexus users at least, patching a serious vulnerability in the OpenSSL cryptographic library.
Guest contributor Philip Le Riche asks himself, should he still use TrueCrypt?
The whole TrueCrypt saga has brought into focus an issue which has been central to security thinking in government circles for many years: that of assurance.
Remember the Heartbleed scare which had you scurrying to change your passwords and worrying about online privacy a few weeks ago?
Well, it looks like that wasn’t the last word in security issues with OpenSSL.
The Heartbleed bug could be the perfect opportunity for you and your company to take another look at passwords, and make a change for the better.
Read more in my article on F-Secure’s B2B blog.
A 19-year-old man has been charged in connection with a hack using the Heartbleed bug which leaked 900 social insurance numbers, and caused a Canadian government website to shut down for four days.
Millions of Android smartphones and tablets are at risk of being attacked via the Heartbleed bug, more than a week after the security vulnerability was first made public.
The critical Heartbleed security vulnerability in OpenSSL continues to raise alarm, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.
Find out more in my article on the We Live Security blog.
If you administer a server and have so far put off revoking and reissuing your SSL certificates, it might be time to think again.
If you don’t, you could be putting your users and online customers in jeopardy.