Heartbleed still hurting hard. UK council fined £100,000 after data breach

A UK city council has been hit by a £100,000 fine after it suffered an embarrassing data breach as a result of not patching against the infamous Heartbleed vulnerability in a timely fashion.

Read more in my article on the Hot for Security blog.

Torvalds Downplays SHA-1 Threat to Git

The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.

Change.org sends password reset email after CloudBleed bug

By Waqas

Change.org, a famous online petition website, is sending emails to its registered petitioners encouraging them to change their account password on the website. The email came days after Google employee Tavis Ormandy of Project Zero exposed the Cloudbleed bug that seems to have leaked sensitive and personal information passing through websites using CloudFlare’s service. The email […]

This is a post from HackRead.com. Read the original post: Change.org sends password reset email after CloudBleed bug

The Internet’s Freshest Wounds: My Thoughts On Ticketbleed, Cloudbleed and HTTPS

In April 2014, the security community was shocked by the revelation that a poorly implemented TLS extension in OpenSSL could allow attackers to easily disclose private memory contents from an astonishing number of HTTPS sites. This bug, of course, is CVE-2014-0160, but it is better known by its brand name “Heartbleed.” This bug was cleverly […]

The post The Internet’s Freshest Wounds: My Thoughts On Ticketbleed, Cloudbleed and HTTPS appeared first on The State of Security.

OpenSSL Update Fixes High-Severity DoS Vulnerability

US-CERT issues an alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users to update to version 1.1.0e.
