Collaborate Disseminate
Mike Mimoso and Chris Brook recap RSA 2016, the pervasiveness of the FBI vs. Apple debate, OpenSSL two years after Heartbleed, and why hacking back is always a bad idea.
Continue reading Threatpost News Wrap, March 4, 2016
At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL’s Development Team described some benefits the nasty bug afforded them. Continue reading OpenSSL Operating With Renewed Vision Two Years After Heartbleed
I have run a heartbleed detector from Lookout on my Android phone. It says:
The version of openSSL is affected by the heartbleed bug but the
vulnerable behaviour is not enabled.
What does it mean by not enabled?
I can see /system… Continue reading Heartbleed check for mobile and mobile apps
It is interesting to observe, that Tor exit nodes with out-of-date OpenSSL implementations can themselves be affected by the Heartbleed bug.
Can Heartbleed expose a Tor user’s IP address merely by exploiting the vulnerable Tor exit node, o… Continue reading Can Heartbleed expose a Tor user’s IP address?
In the context of the Heartbleed bug I would like to make sure that I can detect if someone tries to do a MITM attack with a stolen certificate, which since has been revoked. The problem is that browser either only soft-fail or don’t check… Continue reading How to configure Browser to detect revoked certificates?
I have read this post askbuntu, the step to fix the heartbleed vulnerability almost:
upgrade openssl.
generate new keys.
revoke the old certificates.
Some posts say attackers may have got your server’s private keys.
If there’s the possib… Continue reading Would there be MITM attack even fix the heartbleed vulnerability? [closed]
I’ve been hearing more about the OpenSSL Heartbleed attack, which exploits some flaw in the heartbeat step of TLS. If you haven’t heard of it, it allows people to:
Steal OpenSSL private keys
Steal OpenSSL secondary keys
Ret… Continue reading How exactly does the OpenSSL TLS heartbeat (Heartbleed) exploit work?