Acunetix Archives

The dangerous security hole in OpenSSL known as “Heartbleed” has (mostly) faded from the headlines, but that doesn’t mean it isn’t still dangerous. As this blog has noted, the Heartbleed vulnerability was patched quickly on major platforms like Apache and nginx and by high profile service providers like Google and Facebook. But it still has a long tail of web applications that aren’t high risk (i.e. directly reachable via the Internet) and embedded devices that use OpenSSL or its various components. As the folks over at Acunetix note in a blog post today, hundreds of other services, application software and operating systems make use of OpenSSL for purposes that might be entirely unrelated to delivering pages over HTTPS. This includes all the email servers (using SMTP, POP and IMAP protocols), FTP servers, chat servers (XMPP protocol), virtual private networks (SSL VPNs), and network appliances that use OpenSSL or its components. The number of systems vulnerable to […]

Acunetix

Infographic: A Heartbleed Disclosure Timeline (Secunia)

Recent Posts

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

Malicious Python Packages Target Crypto Wallet Recovery Passwords

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

China Calls Out U.S. For Hacking. The Proof? TBD!

Episode 255: EDM, Meet CDM – Cyber Dance Music with Niels Provos

Subscribe to Podcast