light bulb

Did You Know?



Reply
Posts: 5,586
Topics: 3,634
Kudos: 7,086
Registered: ‎06-12-2013

Popular HTTPS sites still vulnerable to OpenSSL connection hijacking attack

A known critical vulnerability in OpenSSL can be exploited on over 20,000 of Internet's top 155,000 SSL sites, a researcher from Qualys said

 

Some of the Internet's most visited websites that encrypt data with the SSL protocol are still susceptible to a recently announced vulnerability that could allow attackers to intercept and decrypt connections.

On June 5, developers of the widely used OpenSSL crypto library released emergency security patches to address several vulnerabilities, including one tracked as CVE-2014-0224 that could allow attackers to spy on encrypted connections if certain conditions are met.

Until a few years ago, full-session encryption via HTTPS (HTTP with SSL) was mainly used by financial, e-commerce and other sites dealing with sensitive information. However, the increasing use of mobile devices that often connect over insecure wireless networks, coupled with the past year's revelations of upstream bulk data collection by spy agencies, led to a large number of sites adding support for it.

 

Full Article

 

Sr. Community Leader

Posts: 5,586
Topics: 3,634
Kudos: 7,086
Registered: ‎06-12-2013

Heartbleed was just the beginning as more vulnerabilities appear

By Frank Ohlhorst June 17, 2014

 

In the two months since the OpenSSL vulnerability known as Heartbleed hit the headlines and active solutions were offered to plug the security breach, more vulnerabilities have begun to surface.

The OpenSSL project has announced six additional vulnerabilities for the organization's cryptography platform, creating some concern that there are additional flaws yet to be uncovered. That latest batch of vulnerabilities include denial of service, information disclosure and potential remote code execution - all of which should be of a major concern to anyone protecting corporate IT resources.

 

Full Article

 

Sr. Community Leader