Private crypto keys are accessible to Heartbleed hackers, new data shows

Four people have been able to see server keys and certificates in a test. Contrary to previous suspicions, it is possible for hackers exploiting the catastrophic vulnerability dubbed Heartbleed to extract private encryption keys from vulnerable websites, Web services firm Cloudflare reported Saturday. As recently as yesterday, Cloudflare published preliminary findings that seemed to indicate that ...

The OpenSSL Heartbleed Bug: What It Means To You

Below are steps for a Heartbleed resolution. Heartbleed Resolution Steps for Symantec, GeoTrust, RapidSSL, Comodo and Thawte. Step 1: To determine if you are vulnerable due to the Heartbleed bug, enter your domain name on https://www.ssllabs.com/ssltest/index.html. If your site is in the clear, then no action is needed. However, if it is determined that your site ...

Here’s everything you need to know about the Heartbleed web security flaw

SUMMARY: Researchers have discovered a serious flaw known as Heartbleed that affects the security software that runs on about two-thirds of the servers on the internet and could expose user data, including passwords. Here’s what you need to know about it. It seems as though every week or so there’s a new ...

Heartbleed vulnerability may have been exploited months before patch [Updated]

Fewer servers now vulnerable, but the potential damage rises. Update: Errata Security’s Robert Graham has acknowledged that he was mistaken in his assessment, and that private keys could be at risk. The original story below has been marked up accordingly. There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly ...

Cisco finds 13 products (so far) vulnerable to Heartbleed—including phones

Collaboration products, router OS have OpenSSL bug; Cisco still checking others. Cisco has issued a security bulletin for customers about the Heartbleed bug in the OpenSSL cryptography code, and it’s not about Web servers. So far, the company has unearthed 11 products and 2 services susceptible to attack through the vulnerability, which can be used to retrieve ...

OpenSSL Heartbleed exploit and what it means for you

At the start of this week, an OpenSSL vulnerability was made public that effectively allowed hackers to dump 64 KB worth of content sitting in the server memory. This memory is often used to store private keys and other private information. For those that are unaware, OpenSSL is the cryptographic ...

Internet Explorer 9, 10 and 11 (Win) – Clearing Cache and Cookies

This document explains how to clear the cache and cookies in Internet Explorer 9, 10 and 11. Select Tools (via the Gear Icon) > Safety > Delete browsing history…. Make sure to uncheck Preserve Favorites website data and check both Temporary Internet Files and Cookies, then click Delete. You will ...

Does devops leave security out in the cold?

SUMMARY: It took a lot of work to get developers and IT ops people to collaborate. The next step: getting them to factor in security at the beginning of the process. After all the angst that goes into getting developers and IT operations people on the same page — which is what ...

NetApp changes V-Series to FlexArray, launches new enterprise array

NetApp Inc. today made changes throughout its product line, adding a FAS8000 enterprise unified storage system and FlexArray storage virtualization software, and updating its clustered Data Ontap operating system. Enterprise arrays with more capacity, memory, flash. The FAS8000 consists of three models that replace the FAS6200 enterprise and FAS3200 midrange arrays. NetApp will continue to sell the FAS2200 entry-level series. The ...

Using the ZFS next-gen filesystem on Linux

If btrfs interested you, start your next-gen trip with a step-by-step guide to ZFS. In my last article on next-gen filesystems, we did something in between a generic high altitude overview of next-gen filesystems and a walkthrough of some of btrfs’ ...