World’s most popular email server praised as ‘near-impenetrable’
Exhaustive audit by external experts found only three minor flaws
A recent report released by Shodan found that as of January 22, 2017, nearly 200,000 publicly accessible internet devices were vulnerable to Heartbleed. The detailed report gives some insight into those who continue to be exposed to this vulnerability. It’s no surprise that the majority of these systems are HTTPS pages hosted by Apache and […]
The post Heartbleed Still a Heartache 1,000 Days In appeared first on The State of Security.
Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago. Continue reading Heartbleed Persists on 200,000 Servers, Devices
The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago. The others simply don’t give a damn.
Continue reading Heartbleed is not dead. And isn’t likely to be any time soon
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt"; flow:to_server,established; content:"|18 03 03|"; depth:3; dsize:>40; detection_filter:track by_src, count 3, seconds 1; metadata:policy balanced-ips drop, policy security-ips drop, service ssl; reference:cve,2014-0160; classtype:attempted-recon; sid:30513; rev:2;)
and
alert tcp $HOME_NET 443 -> $EXTERNAL_NET any (msg:"SERVER-OTHER TLSv1 large heartbeat response - possible ssl heartbleed attempt"; flow:to_client,established; content:"|18 03 01|"; depth:3; byte_test:2,>,128,0,relative; detection_filter:track by_dst, count 5, seconds 60; metadata:policy balanced-ips drop, policy security-ips drop, service ssl; reference:cve,2014-0160; classtype:attempted-recon; sid:30515; rev:3;)
Open source and third-party software bugs haunt even the best developers’ projects, despite the industry’s best efforts to avoid them. Continue reading Code Reuse a Peril for Secure Software Development
Adobe released an emergency Flash Player update that patches a use-after-free vulnerability being exploited in targeted attacks. Continue reading Adobe Patches Flash Zero Day Under Attack
As if to celebrate its two-year anniversary, Shellshock, one of the most infamous bugs of 2014, ramped up its activity in September.
The post Shellshock Anniversary: Major Security Flaw Still Going Strong appeared first on Security Intelligence.
What is a computer virus? Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid…
The post Computer Virus 101 appeared first on Webroot Threat Blog.
Does it help to give a vulnerability a slick-sounding name and fancy logo? Or is it giving us “glamour vulnerability fatigue”? Continue reading Heartbleed, ImageTragick, Badlock – Are we facing a named vulnerability backlash?