Still reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw

Bug in crypto library strips away one of the Internet’s most crucial protections. Wikimedia A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by the transport layer security (TLS) protocol, the Internet’s most widely used method for ...

How I used Heartbleed to steal a site’s private crypto key

Extracting keys from unpatched servers requires skill, but it’s eminently doable. Aurich Lawson / Thinkstock By now everyone knows about the OpenSSL Heartbleed vulnerability: a missing bounds check in one of the most popular TLS implementations has made millions of Web servers (and more) leak all sorts of sensitive information from memory. This can leak login credentials, authentication cookies, ...

Private crypto keys are accessible to Heartbleed hackers, new data shows

Four people have been able to see server keys and certificates in a test. Aurich Lawson / Thinkstock Contrary to previous suspicions, it is possible for hackers exploiting the catastrophic vulnerability dubbed Heartbleed to extract private encryption keys from vulnerable websites, Web services firm Cloudflare reported Saturday. As recently as yesterday, Cloudflare published preliminary findings that seemed to indicate that ...

The OpenSSL Heartbleed Bug: What It Means To You

Below are steps for a Heartbleed resolution Heartbleed Resolution Steps for Symantec, GeoTrust, RapidSSL, Comodo and Thawte Step 1: To determine if you are vulnerable due to the Heartbleed bug, enter your domain name onhttps://www.ssllabs.com/ssltest/index.html. If your site is in the clear, then no action is needed J. However, if it is determined that your site ...

Here’s everything you need to know about the Heartbleed web security flaw

  photo: Thinkstock / aetb SUMMARY:Researchers have discovered a serious flaw known as Heartbleed that affects the security software that runs on about two-thirds of the servers on the internet and could expose user data, including passwords. Here’s what you need to know about it It seems as though every week or so there’s a new ...

Heartbleed vulnerability may have been exploited months before patch [Updated]

Fewer servers now vulnerable, but the potential damage rises. Aurich Lawson / Thinkstock Update: Errata Security’s Robert Graham has acknowledged that he was mistaken in his assessment, and that private keys could be at risk. The original story below has been marked up accordingly. There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly ...

OpenSSL Heartbleed exploit and what it means for you

At the start of this week there was an OpenSSL vulnerability that was made public which effectively allowed hackers to be able to dump 64kb worth of content sitting in the server memory. This memory is often used to store private keys and other private information. For those that are unaware, OpenSSL is the cryptographic ...