Heartbleed – WindowsTechs.com

How easy or difficult it is to exploit older SSL/TLS protocols?

Posted on March 22, 2023 by Sreeraj

Detection of outdated TLS/SSL protocols are one of the most common findings I have seen in many vulnerability scans and penetration testing reports. It is reported as a serious vulnerability too. Every time I see this, I wonder how easy or… Continue reading How easy or difficult it is to exploit older SSL/TLS protocols?→

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Posted on November 3, 2022 by Paul Ducklin

Listen now – latest episode – audio plus full transcript Continue reading S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]→

OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

Posted on November 2, 2022 by Deeba Ahmed

By Deeba Ahmed
The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations.
This is a post from HackRead.com Read the original post: OpenSSL Released Patch fo… Continue reading OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week→

GnuTLS patches memory mismanagement bug – update now!

Posted on August 1, 2022 by Paul Ducklin

GnuTLS may well be the most widespread cryptographic toolkit you’ve never heard of. Learn more… Continue reading GnuTLS patches memory mismanagement bug – update now!→

How can I get metasploit auxiliary to display the result?

Posted on December 25, 2021 by TheRealTengri

I am testing a site to see if it is vulnerable to Heartbleed CVE-2014-0160 (they have a bug bounty program). I ran the following commands in metasploit:
msf6 > use auxiliary/scanner/ssl/openssl_heartbleed
msf6 auxiliary(scanner/ssl/open… Continue reading How can I get metasploit auxiliary to display the result?→

Memory encryption against memory leaks

Posted on October 7, 2021 by ScreechingMultimeterNoises

Will memory encryption (or compression) provided by Intel or AMD processors protect against attacks like HeartBleed or similar memory leaks?

Continue reading Memory encryption against memory leaks→

Heartbleed attempt only working with VERY large message size

Posted on July 16, 2021 by Daniel Walker

I’m attempting to familiarize myself with Heartbleed by crafting a simple Python script. I’ve got an HTTPS (TLS 1.2, OpenSSL 1.0) server running on localhost. After connecting to the server and receiving the server hello done
16 03 03 00… Continue reading Heartbleed attempt only working with VERY large message size→

NSA Urges SysAdmins to Replace Obsolete TLS Protocols

Posted on January 6, 2021 by Lindsey O'Donnell

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols. Continue reading NSA Urges SysAdmins to Replace Obsolete TLS Protocols→

Old Vulnerabilities Open the Door for WannaCry Ransomware

Posted on December 1, 2020 by Sue Poremba

More than three years since it was discovered, WannaCry is still a threat for some organizations, research has found How often does your organization conduct a security assessment? Once a year? Once a month? It’s great that your organization is lookin… Continue reading Old Vulnerabilities Open the Door for WannaCry Ransomware→

Lots of TLSCiphertext length MUST NOT exceed 2^14 + 2048 in wireshark

Posted on February 18, 2020 by DAG

We have small network with ~20 clients (Wifi and Lan). I captured a few seconds of our network traffic with wireshark and encountered a lot of TLSCiphertext length MUST NOT exceed 2^14 + 2048 errors in the expert analysis for different IP… Continue reading Lots of TLSCiphertext length MUST NOT exceed 2^14 + 2048 in wireshark→