LibreSSL, a fork of OpenSSL, has already made “improvements” in OpenSSL programming practices according to OpenBSD officials.
Browsing Category: Cryptography
There is no shortage of bad advice online about crypto, or anything else, for that matter. And the recent mess involving the OpenSSL Heartbleed vulnerability has brought out plenty of advice on building, implementing and repairing cryptosystems, but experts say that the fundamental truths about how to do these tasks haven’t changed much. Cryptosystems are the[...]
NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
One of the consequences of the drama around the OpenSSL Heartbleed vulnerability is that security experts have begun taking a hard look again at the certificate revocation process and whether it actually protects users or gives them any visibility into the validity of a given certificate. In a lot of cases, the answer is probably no.
A number of ICS products from Siemens and Innominate are vulnerable to the OpenSSL Heartbleed flaw, some of which do not have updates available yet. The list of products affected by the Heartbleed vulnerability continues to grow by the day, with OpenVPN being one of the latest. A researcher on Friday said that he was[...]
The OpenSSL Heartbleed vulnerability has led to a huge increase in the number of SSL certificates being revoked, as site owners and hosting providers go through the process of replacing vulnerable certificates.
The Tor Project is in the process of rejecting exit nodes vulnerable to the Heartbleed OpenSSL vulnerability after researcher Collin Mulliner discovered more than 1,000 leaking plaintext traffic.
Netcraft reports that certificates on 80,000 of the half-million Web servers vulnerable to Heartbleed exploits have been revoked.
A cryptanalysis of TrueCrypt, the second half of an audit of the open source encryption software, will involve a small team of experts who will manually audit the code.
The initial phase of the TrueCrypt audit has been released and 11 vulnerabilities were uncovered, but no evidence of a backdoor.