Heartbleed is not dead. And isn’t likely to be any time soon

The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago. The others simply don’t give a damn.

DROWN attack: 33% of all HTTPS servers declared at risk

Web servers around the world are at risk from a serious security vulnerability, dubbed the DROWN attack, which could allow hackers to steal private information.

Mystery high severity bugs in OpenSSL to be patched on Tuesday

A new version of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is due to be released this Tuesday 1 March, fixing a number of security defects rated as “high severity.”

OpenSSL fixes high severity security hole that could allow traffic to be decrypted

A high severity security hole in OpenSSL saw it reusing prime numbers in the Diffie-Hellman protocol, opening opportunities for attackers to decrypt supposedly safely encrypted communications.

Read more in my article on the Hot for Security blog.

New high severity OpenSSL vulnerability revealed. It’s time to upgrade

OpenSSL has a “high severity” bug.

Find out more, including details of the upgrade, and patch any vulnerable software.

Get ready. Mystery high severity bug in OpenSSL to be patched on Thursday

Fingers crossed, this new vulnerability in OpenSSL won’t be anything like as serious as Heartbleed.

OpenSSL patched against high severity denial-of-service bug, and other flaws

Phew! The high severity OpenSSL bug is not another Heartbleed, but a denial-of-service flaw instead.

Make sure you learn about it (and other vulnerabilities fixed) and take appropriate action.

Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

A vulnerability in OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is described as “highly serious”.

Android Kitkat 4.4.4 released by Google to tackle OpenSSL security hole

Google has released Android Kitkat 4.4.4, for Nexus users at least, patching a serious vulnerability in the OpenSSL cryptographic library.

TrueCrypt – a matter of assurance

Guest contributor Philip Le Riche asks himself, should he still use TrueCrypt?

The whole TrueCrypt saga has brought into focus an issue which has been central to security thinking in government circles for many years: that of assurance.

More security flaws discovered in OpenSSL. Patch now!

Remember the Heartbleed scare which had you scurrying to change your passwords and worrying about online privacy a few weeks ago?

Well, it looks like that wasn’t the last word in security issues with OpenSSL.

Post-Heartbleed: What should you be doing about passwords?

The Heartbleed bug could be the perfect opportunity for you and your company to take another look at passwords, and make a change for the better.

Read more in my article on F-Secure’s B2B blog.

Heartbleed: Teenager charged after Canadian taxpayer hack

A 19-year-old man has been charged in connection with a hack using the Heartbleed bug which leaked 900 social insurance numbers, and caused a Canadian government website to shut down for four days.

Up to 50 million Android devices could be vulnerable to Heartbleed attack. Here’s how to check yours

Millions of Android smartphones and tablets are at risk of being attacked via the Heartbleed bug, more than a week after the security vulnerability was first made public.

Heartbleed claims British mums and Canadian tax payers as victims

The critical Heartbleed security vulnerability in OpenSSL continues to raise alarm, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.

Find out more in my article on the We Live Security blog.

Heartbleed bug *can* expose private SSL keys

If you administer a server and have so far put off revoking and reissuing your SSL certificates, it might be time to think again.

If you don’t, you could be putting your users and online customers in jeopardy.
