OpenSSL

VENOM Vulnerability Renews Shared Code Worries

In-brief: The recently disclosed VENOM vulnerability dispels the myth that virtual machines are immune to cyber attacks, and raises important questions about our reliance on shared code.

Certificate Interruptus: Survey Finds Heartbleed Fixes Incomplete At Most Firms

In-brief: Three quarters of Global 2000 organizations have yet to fully remediate the Heartbleed vulnerability one year after it was discovered, according to a study by the firm Venafi.

OpenSSL Issuing Fixes for High Severity Flaws on Thursday

In-brief: The OpenSSL Project is publishing software updates to address a range of security flaws, at least one of them rated “critical.” The update comes amid a comprehensive audit of the OpenSSL code. 

Sabotaging Encryption Software – The Perfect Crime?

  In-brief: A report from Bruce Schneier and researchers at the Universities of Wisconsin and Washington surveys the (many) ways that cryptographic protections can be weakened or subverted, and calls for research on fool-proof technologies. 

Ghost Vulnerability Replays Third Party Code Woes

In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.