The attackers exploited the security vulnerability in OpenSSL running in the clients SSL VPN concentrator to remotely access active sessions. Researchers guessed heartbleed had infected two-thirds of all Web servers, and researchers at Sucuri reported Friday that just 2 percent of the top 1 million websites on the Internet remain…
Heart-Bleed , a over-rated vulnerability and the most famous vulnerability discovered till now
Big companies like Microsoft , Apple and other were vulnerable to it but they’ve patched it as its a serious kind of vulnerability which admin will never want to be exploited. The companies which were affected by this vulnerability notified their customers about it before the site was exploited. According…
Heartbleed – Better to Encrypt the Entire Internet
There are bundles of bugs, viruses but this time the Heartbleed bug crushed everyones faith in the secure web, but a world without the encryption software that Heartbleed exploited would be even worse. In fact, its time for the web to take a good hard look at a new idea:…
Heartbleed is being fixed by ORACLE in atleast 13 products
Oracle points out that all its cloud services should be Heartbleed-proof and that six of its products including Oracle Linux 6 and Solaris 10.2 were vulnerable but can be patched with existing updates. So Oracle has emitted its formal advice about Heartbleed, revealing it has 13 products that…
Canada Revenue Agency breach causes Heartbleed hacker arrested
Canadian police has arrested and charged, 19-year-old by a who allegedly exploited the Heartbleed bug to steal personal data from the Canadian Revenue Agency’s website. Stephen Arthuro Solis-Reyes, grabbed 900 social insurance numbers (SINs) over a period of six hours, marks the first time that authorities have apprehended someone…
Why a hacker got paid for finding the Heartbleed bug
Heartbleed vulnerability has everyone running. The serious crack in the foundations of the supposedly secure internet was revealed earlier this week by a software engineer probing website security in his spare time. He received a cash bounty for his work, which he then donated to the Freedom of the Press…
SANS warned to end users against Heartbleed
In the fourth briefing on the bug from the SANS Institute’s Internet Storm Centre (ISC), the risk of Heartbleed client-side attacks and recommendations for end users is focused. “A lot of the effort initially has been on servers, and servers are certainly at the most risk not just…
NSA used Heartbleed for years
Bloomberg news reports that NSA had been using Heartbleed from many years, OpenSSL encryption software used by a majority of websites and a multitude of other pieces of Internet infrastructure. Atleast 2 sources told Bloomberg that NSA had been using HeartBleed 0day for almost 2 years. One source told Bloomberg:-…
Heartbleed: Serious OpenSSL 0day Vulnerability Revealed
Everyday new security bugs are being discovered. And one of these newly identified bugs is the the so-called Heartbleed Bug in the OpenSSL cryptographic library. While Heartbleed only effects OpenSSL’s 1.0.1 and the 1.0.2-beta release, 1.01 is already broadly deployed. Since Secure-Socket Layer (SSL) and Transport Layer Security (TLS) are…