HackDig : Dig high-quality web security articles for hacker

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:444 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

The OpenSSL Project fixed a High Severity flaw CVE-2017-3733 in release 1.1.0

On Thursday the OpenSSL Project fixed a high-severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high-severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months; the first one addressed four low and moderate severit
Publish At:2017-02-16 18:05 | Read:2654 | Comments:0 | Tags:Breaking News Hacking Security CVE-2017-3733 OpenSSL SSL TLS

Roughly 200,000 Devices still affected by the Heartbleed vulnerability

More than two years after the disclosure of the Heartbleed bug, 200,000 services are still affected. Too many systems remain susceptible to Heartbleed attacks: although the flaw was discovered in 2014, nearly 200,000 systems are still affected. Shodan made a similar search in November 2015, when it found 238,000 results; the number dropped to 237,539 resul
Publish At:2017-01-23 22:35 | Read:3506 | Comments:0 | Tags:Breaking News Hacking Reports Security CVE-2014-0160 encrypt

OpenSSL Project fixed the CVE-2016-7054 High severity DoS bug

The OpenSSL Project has released the OpenSSL 1.1.0c update that addresses several vulnerabilities, including a high-severity DoS flaw (CVE-2016-7054). The OpenSSL Project has released an update for the 1.1.0 branch (OpenSSL 1.1.0c) to fix a number of vulnerabilities. One of the issues solved with the update is the high severity denial-of-service (DoS) flaw C
Publish At:2016-11-13 01:00 | Read:2999 | Comments:0 | Tags:Breaking News Hacking Security CVE-2016-7054 DOS OpenSSL

Flawed MatrixSSL Code Highlights Need for Better IoT Update Practices

SSL is a primary layer of defense on the Internet that makes it possible to have authenticated private conversations even over an untrusted network. Implementing a robust and secure SSL stack, however, is not trivial. Mistakes can lead to large attack surfaces, such as what we witnessed with OpenSSL when “Heartbleed” was discovered. In the wake of “Heartbleed
Publish At:2016-10-11 01:55 | Read:6670 | Comments:0 | Tags:Cyber Security Featured Articles Heartbleed Internet of Thin

CVE-2016-2107 OpenSSL Flaw still affects many Alexa Top Sites

According to the security firm High-Tech Bridge, many of the Alexa Top 10,000 websites are still vulnerable to the OpenSSL flaw CVE-2016-2107. The CVE-2016-2107 flaw affecting the open-source cryptographic library could be exploited to launch a man-in-the-middle attack leveraging the ‘Padding Oracle Attack’ that can decrypt HTTPS traffic if the connection
Publish At:2016-05-31 15:05 | Read:3205 | Comments:0 | Tags:Breaking News Security CVE-2016-2107 encryption Hacking man-

A High-Severity flaw in OpenSSL allows the HTTPS Traffic decryption

OpenSSL has patches for six flaws, including two high-severity bugs that could allow attackers to decrypt HTTPS traffic and execute malicious code on the server. OpenSSL just released several patches to fix vulnerabilities in the open-source cryptographic library, including a couple of high-severity flaws (CVE-2016-2107, CVE-2016-2108) that could be expl
Publish At:2016-05-05 18:35 | Read:3449 | Comments:0 | Tags:Breaking News Hacking Security encryption man-in-the-middle

Aging and bloated OpenSSL is purged of 2 high-severity bugs

Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers. The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect s
Publish At:2016-05-04 02:10 | Read:4659 | Comments:0 | Tags:Risk Assessment Technology Lab Uncategorized encryption HTTP

A severe flaw in OpenSSL allows hackers to decrypt HTTPS traffic

Developers of OpenSSL issued a patch that fixes a high-severity vulnerability that allows attackers to decrypt secure traffic. The OpenSSL development team has issued a security patch to fix a flaw, tracked as CVE-2016-0701, that could be exploited by hackers to decrypt secure traffic. The flaw was reported on January 12
Publish At:2016-01-30 06:40 | Read:2850 | Comments:0 | Tags:Breaking News Hacking Security encryption LogJam OpenSSL sec

OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches

The OpenSSL Software Foundation patched four vulnerabilities in the cryptographic software library on Thursday, likely marking the last time that two older versions of the library will receive updates. The group announced back in December 2014 that it would cease support for two OpenSSL branches, 1.0.0 and 0.9.8, at the end of 2015. Yesterday, in a secu
Publish At:2015-12-04 17:45 | Read:2805 | Comments:0 | Tags:Vulnerabilities Web Security DoS OpenSSL OpenSSL updates Pat

Core Infrastructure Initiative Launches Open Source Security Badge Program

The Core Infrastructure Initiative (CII), a consortium of technology companies guided by The Linux Foundation, has thrown good money at solving the security woes of open source software. Since its inception last year, it has provided funding for the OpenSSL project allowing it to hire full-time help and audit and clean its codebase. It has also helped suppor
Publish At:2015-08-19 07:15 | Read:2042 | Comments:0 | Tags:Vulnerabilities Web Security Adam Shostack CII Core Infrastr

OpenSSL CVE-2015-1793: Separating Fact from Hype

A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated with “high severity”, the vulnerability allows attack
Publish At:2015-07-16 23:05 | Read:3820 | Comments:0 | Tags:Vulnerabilities digital certificate HTTPS OpenSSL SSL vulner

Census Project Identifies Open Source Tools at Risk

Heartbleed may have brought on a major case of heartburn last April for system admins worldwide, but a positive offshoot of the biggest of the Internet-wide bugs was that it opened a lot of eyes to the lack of support afforded even ubiquitous open source software projects. Shortly after Heartbleed was discovered in OpenSSL, a consortium called the Core Infras
Publish At:2015-07-11 00:00 | Read:2226 | Comments:0 | Tags:Critical Infrastructure Vulnerabilities Web Security Census

OpenSSL CVE-2015-1793

OpenSSL released a security advisory regarding CVE-2015-1793, a bug in the implementation of the certificate verification process: … from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause ce
Publish At:2015-07-10 18:35 | Read:2118 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security c

Critical OpenSSL bug allows attackers to impersonate any trusted server

There's a critical vulnerability in some versions of the widely used OpenSSL code library that in some cases allows attackers to impersonate cryptographically protected websites, e-mail servers, and virtual private networks, according to an advisory issued early Thursday morning. The bug allows attackers to force vulnerable end-user applications into trea
Publish At:2015-07-10 03:35 | Read:2175 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab cryptography o
