But That Doesn’t Mean Its Not A ProblemOn Friday, a PhD student at the Nanyang Technological University in Singapore, Wang Jing, published a report focused on a method of attack called “Covert Redirect,” promoting it as a vulnerability in OAuth 2.0 and OpenID. Yet Jing’s contention of security flaws in OAuth and OpenID has serious flaws of its own, according ...
Read More →
If you’ve used one of the free Heartbleed checker tools on the Internet and your site came up “clean” for Heartbleed, you might think again before you breath a sigh of relief. There’s a good chance you haven’t really checked everything and there’s an even better chance your sites not free from exposure.
Some tools designed to detect the Heartbleed vulnerability are flawed and ...
Read More →Posted by:
WASHINGTON: US cybersecurity researchers have developed a technique that fights the ‘Heartbleed’ virus, and detects and entraps hackers who might be using it to steal sensitive data.
The Heartbleed bug, which became public last week, has set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.
Researchers at The University of Texas at Dallas ...
Read More →Posted by:
Since Akami handles almost 1/3 of the Internet’s traffic so their patch that didn’t patch so much is a big deal.
Akami’s patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.
Writing on his company’s blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher ...
Read More →Posted by:
Security thought-leaders continue to offer insight into the Heartbleed bug. Avivah Litan, fraud analyst at Gartner Research, calls the issue “mega-serious.”
“I’m just trying to understand why all the news reports are focused on individual communications with websites,” Litan says. “SSL protocols, including OpenSSL, are used in most ‘trusted’ machine to machine communications. The bug affects routers, switches, operating systems and other applications that support the protocol in order to ...
Read More →
The TBG Security team has been investigating a critical vulnerability in the OpenSSL cryptographic library. This vulnerability, which is known as the “Heartbleed Bug,” allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. This issue should be considered extremely critical due to its impact, long exposure, ease of exploitation, the absence of application ...
