encryption
Confirmed Heartbleed victim: Canada Revenue Agency
The Canada Revenue Agency (CRA) has been breached by attackers that leveraged the newly discovered Heartbleed bug in OpenSSL and managed to compromise Social Insurance Numbers …
Heartbleed: Private crypto keys can be extracted from vulnerable servers
The recently discovered Heartbleed bug can be exploited to obtain private encryption keys from vulnerable websites, Web services firm CloudFlare confirmed late on Friday. The …
The effect of the Heartbleed bug on open source projects
The Heartbleed bug in OpenSSL is all the information security world is talking about these days. Many are beginning to realize, its existence has opened multiple cans of …
How does the Heartbleed bug affect me?
By now, you have surely heard about the “Heartbleed” bug discovered in Open SSL, and you’re wondering how its existence affects you. The situation is, …
Heartbleed OpenSSL vulnerability: A technical remediation
OpenSSL released an bug advisory about a 64kb memory leak patch in their library. The bug has been assigned CVE-2014-0160 TLS heartbeat read overrun. According to OpenSSL, the …
OpenSSL “Heartbleed” bug undermines widely used encryption scheme
OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating system and apps, …
Yahoo encrypts traffic between data centers, plans for encrypted Messenger
Newly appointed Yahoo CISO Alex Stamos has announced on Wednesday that the company has begun fully encrypting all the traffic moving between its data centers. The move was …
Additional NSA-backed code found in RSA crypto products
A group of professors and researchers from several universities in the US and the Netherlands have tested the exploitability of various implementations of the infamous …
10,000 GitHub users inadvertently reveal their AWS secret access keys
GitHub developers who are also Amazon Web Services users are advised to check the code they made public on their project pages and to delete secret access keys for their AWS …
Gmail users get full, always-on HTTPS
Google has made good on its word and has introduced default encryption for all Gmail users. “Starting today, Gmail will always use an encrypted HTTPS connection when you …
SSL innovations
In this podcast recorded at RSA Conference 2014, Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, compares and …
New authenticated encryption algorithm is resistant to multiple misuse
Nippon Telegraph and Telephone Corporation, Mitsubishi Electric Corporation and the University of Fukui have jointly developed an authenticated encryption algorithm offering …
Featured news
Resources
Don't miss
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
- Account takeover detection: There’s no single tell
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance