Neowin News Feed for: Openssl

Google drops OpenSSL in latest Chrome beta

Vlad Dudau — Thu, 24 Jul 2014 10:30:37 +0000

Google is dropping OpenSSL in its newest Chrome beta, in favor of its own forked version called BoringSSL. According to them, this should offer a more streamlined and secure experience for users. Read more...

300k servers still vulnerable to Heartbleed

James Walker — Sun, 22 Jun 2014 15:48:34 +0000

A new report has indicated that there are still over 300,000 unprotected servers running out-of-date versions of OpenSSL that is vulnerable to the critical Heartbleed bug from nearly two months ago. Read more...

New OpenSSL bug not as grave as Heartbleed, still bad for you

Christopher White — Fri, 06 Jun 2014 15:45:13 +0000

Another newly discovered bug in OpenSSL opens up the potential for an attacker to read and steal your information without you being able to detect it, but it's still nowhere near as bad as Heartbleed. Read more...

Four weeks later, HeartBleed lives on

Brockman Davis — Sun, 11 May 2014 00:07:36 +0000

Two separate estimates show that around half of the servers previously affected by HeartBleed are still susceptible. The estimates show around 318,239, or 2.33% of all servers are still vulnerable. Read more...

Microsoft joins new group created to head off next Heartbleed crisis

John Callaham — Thu, 24 Apr 2014 14:56:10 +0000

Microsoft is among the members of a new group called the Core Infrastructure Initiative which has been formed by the Linux Foundation to make sure OpenSSL issues such as Heartbleed don't happen again. Read more...

Healthcare.gov forces users to change passwords due to 'Heartbleed'

John Callaham — Mon, 21 Apr 2014 16:07:22 +0000

The "Heartbleed" OpenSSL exploit has led the U.S. government's Healthcare.gov site to require its users to change their passwords, saying that the decision was made "out of an abundance of caution." Read more...

First known arrest for exploiting HeartBleed security flaw

Brockman Davis — Mon, 21 Apr 2014 07:46:36 +0000

CRA Commissioner Andrew Treusch stated that over a period of six hours, the Social Insurance Numbers of around 900 people were removed from CRA computer systems. Read more...

NSA denies report it has been using "Heartbleed" OpenSSL exploit for spying

John Callaham — Sat, 12 Apr 2014 23:22:18 +0000

The National Security Agency is denying a report from Bloomberg that it was aware of the "Heartbleed" OpenSSL exploit for some time and used it to spy on others. Read more...

Microsoft: Our online services are not affected by "Heartbleed" OpenSSL issue

John Callaham — Sat, 12 Apr 2014 02:58:19 +0000

Microsoft has issued a statement saying their many online services and products like Skype, Office 365, Microsoft Azure, Yammer and others are not affected by the "Heartbleed" OpenSSL issue. Read more...

OpenSSL affected by "Heartbleed" zero-day vulnerability

Shreyas Gandhe — Tue, 08 Apr 2014 12:03:50 +0000

A new report has detailed a serious zero-day security vulnerability called "Heartbleed" affecting the OpenSSL cryptographic library caused due to a programming error and a fix is being worked on. Read more...