The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.
Over the course of the last six months, Cloudflare bled a lot of sensitive data. The reason? A bug in its HTML parser that in the end impacted millions of websites. Among other things, they offer DDoS protection and a CDN service. Due to the massive number of affected websites it's a rather important issue and it’s […]
The post Cloudflare, Cloudbleed – or 3,400 reasons of shit happens appeared first on Avira Blog.
US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users to update to version 1.1.0e.
Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.
Open source and third-party software bugs haunt even the best developers’ projects, despite the industry’s best efforts to avoid them.
Mike Mimoso and Chris Brook recap RSA 2016, the pervasiveness of the FBI vs. Apple debate, OpenSSL two years after Heartbleed, and why hacking back is always a bad idea.
At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL’s Development Team described some benefits the nasty bug afforded them.
Rapid7 disclosed that Advantech EKI industrial control gear remains vulnerable to Shellshock and Heartbleed, in addition to a host of other vulnerabilities.
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers, and a crucial refactoring of the codebase has the project headed in the right direction.