Details of a targeted attack have emerged where hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.
Browsing Author: Michael Mimoso
Swedish VPN providers Mullvad report that private keys moving through OpenVPN installations are not immune to Heartbleed OpenSSL exploits.
The Tor Project is in the process of rejecting exit nodes vulnerable to the Heartbleed OpenSSL vulnerability after researcher Collin Mulliner discovered more than 1,000 leaking plaintext traffic.
Netcraft reports that certificates on 80,000 of the half-million Web servers vulnerable to Heartbleed exploits have been revoked.
A cryptanalysis of TrueCrypt, the second half of an audit of the open source encryption software, will involve a small team of experts who will manually audit the code.
Microsoft has updated its free Threat Modeling Tool with enhancements to the threat-generation logic, a new drawing surface and the ability to migrate old threat models and definitions.
Web application security begins with the developer’s comfort level and familiarity with a programming language. WhiteHat Security’s latest report examines the security of six top languages.
The Heartbleed story advanced over the weekend with word of researchers exploiting the OpenSSL flaw to steal private SSL keys, and the loss of data on websites in the U.K. and Canada.
The initial phase of the TrueCrypt audit has been released and 11 vulnerabilities were uncovered, but no evidence of a backdoor.
Experts say it’s highly unlikely private SSL keys can be stolen by hackers using the Heartbleed OpenSSL bug, but not impossible.