Items tagged with OpenSSL
A newly discovered attack vector is threatening to leave millions of websites underwater, gasping for air. Since we live in an acronym-crazed society, it should come as no surprise that this latest exploit described as Decrypting RSA with Obsolete and Weakened eNcryption goes by the name of "DROWN."
DROWN preys on...
Read more...
When the OpenSSL vulnerability Heartbleed broke cover in April, it felt like it was the only thing that mattered for an entire week. Like many news outlets, we reported on the bug from a number of different angles, and it was all for good reason: It's a severe bug, and one that the world needs to know about. Given all...
Read more...
The Heartbleed Bug illustrated just how vulnerable our global communications structure really is, and now a glut of important tech companies in collaboration with the Linux Foundation are launching a new initiative called the Core Infrastructure Initiative to better support the open source projects and technologies...
Read more...
As Seth covered earlier today, Bloomberg has accused the NSA of benefiting from the Heartbleed OpenSSL bug. The NSA denies this in fairly strong terms. I'd like to draw attention to a different facet of the topic -- first, by discussing the semantics of the NSA's denial and then the wider impact of how that denial is...
Read more...
The news of two truly horrible security breaches broke this year; one was the NSA’s shadowy data grabbing and surveillance program, and the other was the Heartbleed bug that left about two-thirds of the Internet utterly exposed to any bad actor. According to a Bloomberg report, these two stories have merged, as “two people familiar...
Read more...
Terrible news, everyone: There’s a coding error in the OpenSSL cryptographic software library that allows anyone with the right tools and a little know-how to access secret encryption keys, usernames, passwords, and even content on sites using OpenSSL for protection. That includes roughly two-thirds of the...
Read more...