At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL’s Development Team described some benefits the nasty bug afforded them.
Tag Archives: OpenSSL
DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk
A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer (SSLv2).
Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS
DROWN Flaw Exposes 33 Percent Of HTTPS Connections To Attack
The latest Internet-wide crypto vulnerability has arrived in DROWN, which can be abused by attackers to carry out man-in-the-middle attacks and decrypt traffic.
OpenSSL Patches Serious Flaws in Library
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity.
OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches
The OpenSSL Software Foundation patched four vulnerabilities on Thursday, likely the last time that two older versions of the software library will receive updates.
Core Infrastructure Initiative Launches Open Source Security Badge Program
The Core Infrastructure Initiative, which has funded OpenSSL among other open source security projects, announced a badge program that evaluates secure development best practices.
Census Project Identifies Open Source Tools at Risk
The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics identify under-resourced open source projects at risk.
OpenSSL Patches Critical Certificate Validation Vulnerability
A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.
Open SSL mystery bug to be fixed Thursday July 9
A new version of Open SSL is set to be released imminently, patching a single ‘high severity’ vulnerability.
The post Open SSL mystery bug to be fixed Thursday July 9 appeared first on We Live Security.
OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software. Most of the vulnerabilities fixed in the new releases are denial-of-service bugs, but one of them can potentially cause memory corruption. That vulnerability only affected older versions of OpenSSL. […]