TLS

DROWN attack: 33% of all HTTPS servers declared at risk

Web servers around the world are at risk from a serious security vulnerability, dubbed the DROWN attack, which could allow hackers to steal private information.


1 min read

MI5’s website uses obsolete encryption protocol – and they’re fine with that

Is British intelligence service MI5 following best security practice on its website?

Or have they just scraped a C grade?


1 min read

heatsoftware.com

The Logjam vulnerability – what you need to know

Researchers discover a new attack against encrypted communications on the internet.

Read more in my article on the Optimal Security blog.


0 sec read

Barclays, Halifax and Tesco banks still vulnerable to POODLE attack

Six months after the world was warned about the POODLE bug, some online banks don’t seem to have received the memo.


51 sec read

OpenSSL patched against high severity denial-of-service bug, and other flaws

Phew! The high severity OpenSSL bug is not another Heartbleed, but a denial-of-service flaw instead.

Make sure you learn about it (and other vulnerabilities fixed) and take appropriate action.


1 min read

Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

Vulnerability in OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is described as “highly serious”.


1 min read

Windows 8.1 Update required for all future updates can actually STOP all future updates!

You know that Windows 8.1 update that you *must* install to get future updates? The one that if you choose not to install, you won’t get any future updates?

Well, it turns out that if you install that update you might actually *not* get any future updates. Oh dear.


1 min read