Posts Tagged ‘OpenSSL’

openssh

OpenSSH not anymore depending on OpenSSL

OpenSSH is an important set of programs that is used to encrypt communication and connect to servers over SSH. This is the standard way used by many system administrators to remotely manage thousands of servers. For long time developers have planned to remove the OpenSSL package as this is not required for the communication and [...]

Share
Heartbleed

End User Considerations For OpenSSL Vulnerabilities

OpenSSL vulnerabilities could enable a remote hacker to gain access to sensitive data, including secret keys and authentication credentials, via incorrect memory handling. Some of these vulnerabilities could also cause potential leak of non-encrypted information and DTLS (Datagram Transport Layer Security) data to be decrypted. More than 50% of the web servers on the internet [...]

Share
Heartbleed

Heartbleed Critical Vulnerability in OpenSSL

The security community is actively discussing over this week the openssl vulnerability that allows attacker to exploit the Heartbeat TLS and receive 64KB in the RAM memory. The attack can be repeated continuously to get sensitive information from end users such as their passwords. Many online servers were affected by this critical vulnerability while patching [...]

Share

OpenSSL New Buffer Overrun Attack

OpenSSL core team informed about a new vulnerability in OpenSSL based TLS server. Users of all OpenSSL 0.9.8 are invited to upgrade immediately to OpenSSL 0.9.8p, in which the bug has been fixed. And Users of OpenSSL 1.0.0 and 1.0.0a are also invited to upgrade to 1.0.0b. If upgrading is not immediately possible, you can [...]

Share