Tag: heartbleed

It’s fine for vulnerabilities to have names — we just need not to take them too seriously

“What’s in a name? That which we call Heartbleed by any other name would be just as malicious.” — William Shakespeare (paraphrased) When OpenSSL vulnerability CVE-2014-0160 was discovered in April 2014, it was about as bad as vulnerabilities get: an attacker could read large chunks of server memory, including passwords and even private keys, merely…

April 13, 2016
A week of Heartbleed

OpenSSL vulnerability has kept the security community busy. The ‘Heartbleed’ vulnerability has kept everyone on their toes over the last week or so – hitting the mainstream media, prompting widespread warnings for users to change their passwords, and causing many admins to review the security of their web servers. Bruce Schneier, who is not known…

April 14, 2014
OpenSSL vulnerability lets attackers quietly steal servers’ private keys

Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators: CVE-2014-0160 allows an attacker to read the memory of a vulnerable server and thus obtain private encryption keys, passwords and other kinds of sensitive information. OpenSSL is a widely used open-source implementation…

April 7, 2014