OpenSSL

Pierluigi Paganini July 21, 2014
Siemens industrial products affected by OpenSSL vulnerabilities

The ICS-CERT has issued a security advisory related to the existence of OpenSSL vulnerabilities affecting different Siemens industrial products. Several Siemens industrial products are affected by four vulnerabilities in their OpenSSL implementation which could be remotely exploited to run a man-in-the-middle (MitM) attack or to cause the crash of web servers of the products. Critical infrastructure […]

Pierluigi Paganini June 06, 2014
New critical flaws discovered in OpenSSL, patch now

The OpenSSL Foundation has fixed a series of new vulnerabilities, two of them considered critical. Organizations are invited to apply patches asap. The Open SSL has provided a collection of updates for its libraries to fix a series of new vulnerabilities recently reported. The exact number of vulnerabilities affecting OpenSSL is 6 and two of them are […]

Pierluigi Paganini June 05, 2014
The GnuTLS Hello flaw leaves vulnerable SSL clients

Experts at security firm Codenomicon discovered a critical buffer overflow vulnerability in the implementation of the GnuTLS software. GnuTLS, a free software implementation of SSL/TLS/DTLS protocols, it offers a set of application programming interface (API) to enable secure communication over their network transport layer. News of the day is that the widely used cryptographic library is vulnerable […]

Pierluigi Paganini April 18, 2014
The impact of the HeartBleed Bug on Tor Anonymity

The presence of nearly 380 servers in the Tor Network, 12 percent of the exit capacity, running the vulnerable version of OpenSSL could have compromised user’s anonymity. The Heartbleed bug is the flaw in the popular OpenSSL library that is scaring the security communities, many security experts hiphotesized that Intelligence agencies, including NSA, have exploited the bug to spy on […]

Pierluigi Paganini April 14, 2014
How many mobile Users could be affected by Heartbleed flaw?

Heartbleed is the security flaw that is scaring IT industry, which is its impact on the mobile worlds? How many Smartphone Users could be affected? Heartbleed flaw is the argument that most of all is capturing the attention of the media in this period,  billions of users worldwide have been impacted, there are thousands solutions affected […]

Pierluigi Paganini April 13, 2014
BlackBerry and CISCO products are affected by Heartbleed vulnerability

CISCO and BlackBerry started to evaluate the impact of Heartbleed vulnerability on their products … unfortunately,the list of affected solutions is long. So far we have discussed the Heartbleed vulnerability by not investigating which are the products on the market that really are suffering it. We realized that the Heartbleed vulnerability potentially allows any attacker to access […]

Pierluigi Paganini April 12, 2014
Heartbleed flaw was already exploited for cyber attacks by NSA

The US National Security Agency knew for at least two years about the Heartbleed flaw, and exploited it for cyber attacks according Bloomberg. The Internet community was shocked by the disclosure of the Heartbleed flaw, the vulnerability affects OpenSSL library and allows an attacker to reveal up to 64kB of memory to a connected client or […]

Pierluigi Paganini April 11, 2014
Statistics on the impact of Heartbleed on Select Top Level Domains

The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact. It’s been just over 48 hours after the disclosure of the news about the Heartbleed vulnerability, the serious flaw which affect OpenSSL library that allows an attacker to reveal […]

Pierluigi Paganini April 08, 2014
Heartbleed Bug is a serious flaw in the OpenSSL cryptographic library

The Heartbleed Bug is a serious flaw in the popular OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server. Experts which provide maintenance to OpenSSL library have patched a serious vulnerability (CVE-2014-0160) that allows an attacker to gain the access to 64 KB of memory […]