Covert Redirect Is Just a Flaw It’s Not Another Heartbleed

Posted by:

covert redirect is no heartbleedBut That Doesn’t Mean Its Not A Problem

On Friday, a PhD student at the Nanyang Technological University in Singapore, Wang Jing, published a report focused on a method of attack called “Covert Redirect,” promoting it as a vulnerability in OAuth 2.0 and OpenID. Yet Jing’s contention of security flaws in OAuth and OpenID has serious flaws of its own, according ...

Read More →
0

Heartbleed: Researchers Claim That 95% Of Detection Tools Are Flawed

Posted by:

heartbleed bug tools flawed

You’re Not Out Of The Woods Yet….

If you’ve used one of the free Heartbleed checker tools on the Internet and your site came up “clean” for Heartbleed, you might think again before you breath a sigh of relief.  There’s a good chance you haven’t really checked everything and there’s an even better chance your sites not free from exposure.

Some tools designed to detect the Heartbleed vulnerability are flawed and ...

Read More →
0

New Red Herring Honeypot Fights Heartbleed

Posted by:

red herring honeypotWASHINGTON: US cybersecurity researchers have developed a technique that fights the ‘Heartbleed’ virus, and detects and entraps hackers who might be using it to steal sensitive data.

The Heartbleed bug, which became public last week, has set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.

Researchers at The University of Texas at Dallas ...

Read More →
0

Akamai Heartbleed Patch – Not So Much!

Posted by:

Heartbleed Patch - Akami

Since Akami handles almost 1/3 of the Internet’s traffic so their patch that didn’t patch so much is a big deal.

Akami’s patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.

Writing on his company’s blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher ...

Read More →
0

Heartbleed: Gov. Agencies Respond

Posted by:

It’s Not Just A Website Issue

Security thought-leaders continue to offer insight into the Heartbleed bug. Avivah Litan, fraud analyst at Gartner Research, calls the issue “mega-serious.”

“I’m just trying to understand why all the news reports are focused on individual communications with websites,” Litan says. “SSL protocols, including OpenSSL, are used in most ‘trusted’ machine to machine communications. The bug affects routers, switches, operating systems and other applications that support the protocol in order to ...

Read More →
0

Heartbleed Bug – Open SSL Vulnerability Solution

Posted by:

heartbleed solutionThe TBG Security team has been investigating a critical vulnerability in the OpenSSL cryptographic library.  This vulnerability, which is known as the “Heartbleed Bug,” allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software.  This issue should be considered extremely critical due to its impact, long exposure, ease of exploitation, the absence of application ...

Read More →
0
})
SEC Cybersecurity Exams