heartbleed

Thu
03
Mar
John Lister's picture

New 'Drown' Bug: Millions of Secure Sites Could be at Risk

An estimated 11 million secure websites could be vulnerable to hackers exploiting a security bug. Amazingly, the bug has to do with technology that is over 20 years old. There's little, if anything website visitors can do as the bug needs fixing by ... site operators. However, it is possible to check if a site appears to be vulnerable. The bug has been dubbed Drown, a name rather tenuously derived from "Decrypting the RSA algorithm with Obsolete and Weakened eNcryption." Researchers who uncovered the bug aren't publishing the precise details. At the moment it's not known if ... (view more)

Wed
21
May
John Lister's picture

Password Study: Most Sites Inadequate On Security

A new study reviewed security among leading online companies following the Heartbleed bug scare, in which a commonly used encryption technique for secure websites had the capability to expose highly confidential data. The study comes from Dashlane, ... a password management firm. The study evaluated 80 web sites and examined 6 factors with regard to the way passwords and login processes are handled. Using these details, Dashlane ranked each site between +100 and minus -100. Based on a range of security issues, the study suggests Apple and Microsoft have the securest policies for passwords, while ... (view more)

Wed
16
Apr
John Lister's picture

US Spy Policy May Put Public PCs At Risk

US government officials have flatly denied having any advance knowledge of the Heartbleed bug . The bug, which has already been exploited by hackers, has resulted in exposed social security numbers of the Canada Revenue Agency and other personal ... data. It's estimated that the bug affects approximately six percent of all websites world-wide. Now, it's emerged that US spies who discover security bugs are sometimes allowed to exploit them, rather than warn the public of any imminent dangers. A report by the Bloomberg news agency suggested the National Security Agency (NSA) knew about Heartbleed ... (view more)

Wed
09
Apr
John Lister's picture

Zero-Day SSL Flaw: Change All Passwords, Experts Say

A massive number of websites could be affected by a critical security flaw used in conjunction with web sites and web browsers. Experts suggest that all web users change their passwords to all major web sites (including banking, social media, etc) - ... but doing so comes with a number of caveats. The security flaw is related to SSL (secure sockets layer) and is expected to affect approximately six percent of all websites world-wide. According to a recent survey that reviewed approximately 959 million websites, "66% ... are powered by technology built around SSL, and that doesn't include ... (view more)

Subscribe to RSS - heartbleed