The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.
Tag Archives: Heartbleed
Cloudflare, Cloudbleed – or 3,400 reasons of shit happens
Over the course of the last six months, Cloudflare bled a lot of sensitive data. The reason? A bug in its HTML-Parser that in the end impacted millions of websites. Beside other things, they offer DDoS protection and a CDN service. Due to the massiv amount of affected websites its a rather important issue and it’s […]
The post Cloudflare, Cloudbleed – or 3,400 reasons of shit happens appeared first on Avira Blog.
OpenSSL Update Fixes High-Severity DoS Vulnerability
US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users update to version 1.1.0e.
Heartbleed Persists on 200,000 Servers, Devices
Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.
Code Reuse a Peril for Secure Software Development
Open source and third-party software bugs haunt even the best developers’ projects, despite the industry’s best efforts to avoid them.
Threatpost News Wrap, March 4, 2016
Mike Mimoso and Chris Brook recap RSA 2016, the pervasiveness of the FBI vs. Apple debate, OpenSSL two years after Heartbleed, and why hacking back is always a bad idea.
OpenSSL Operating With Renewed Vision Two Years After Heartbleed
At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL’s Development Team described some benefits the nasty bug afforded them.
Advantech ICS Gear Still Vulnerable to Shellshock, Heartbleed
Rapid7 disclosed that Advantech EKI industrial control gear remains vulnerable to Shellshock and Heartbleed, in addition to a host of other vulnerabilities.
The world’s biggest bug bounty payouts
From finding flaws to suggesting innovative security measures for the future, we look at some of the biggest bug bounty payouts in recent years.
The post The world’s biggest bug bounty payouts appeared first on We Live Security.
OpenSSL Past, Present and Future
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.