The Heartbleed Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.
All of the above is a direct quote and authored by the fine folks at heartbleed.com. It may be worth noting that one of the measures recommended (and indeed a good idea) is certificate revocation. Unfortunately, certificate revocation has some problems.
posted by el io on Apr 7, 2014
“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.
posted by Chrysostom on Feb 14, 2013
Do you have a 'Super Cookie' ??? Another m$ screw-up...
Very interesting since wmp just minutes before tried to access the net through my firewall that is set to block all except a few programs. If you're running mozilla his demo doesn't hit but using msie it sure pulls up the ID# of my wmp... time to tighten things down again!!! Another blasted waste of time to fix what m$ should not have let out in the first place!!! Link via... Inflight Correction
posted by tilt on Jan 17, 2002
More news on the IIS exploit
After acknowledging the problem last week, Micro$oft is now saying that the backdoor in IIS... is a flaw. M$ Technet seems to have a fix for this problem, delete the offending file! So, if systems are your bag, my advice is to start researching security if you are running M$ internet server products (SQL 7, Exchange, IIS, Index Server, etc.).
posted by Dean_Paxton on Apr 17, 2000