LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Cryptography
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



11 reasons encryption is (almost) dead  05 May 2014 
Source: Network World - Posted by Dave Wreski   
Everyone who has studied mathematics at the movie theater knows that encryption is pretty boss. Practically every spy in every spy movie looks at an encrypted file with fear and dread. Armies of ninjas can be fought. Bombs can be defused. Missiles can be diverted.
 
Heartbleed postmortem: OpenSSL's license discouraged scrutiny  02 May 2014 
Source: InfoWorld - Posted by Dave Wreski   
Weeks after the OpenSSL debacle, the question still stands: Why did so few people show up to work on such widely-used and important code? Since the problem arose, funds have flowed in to fix it at the behest of corporate giants, but before the crises, few volunteers participated. One leading open source expert has suggested a reason: licensing.
 
Hacker claim about bug in post-Heartbleed OpenSSL encryption likely a scam  28 April 2014 
Source: PC World - Posted by Dave Wreski   
Security experts have expressed doubts about a hacker claim that there’s a new vulnerability in the patched version of OpenSSL, the widely used cryptographic library repaired in early April.
 
Targeted Attack Uses Heartbleed to Hijack VPN Sessions  22 April 2014 
Source: ThreatPost - Posted by Alex   
A targeted attack against an unnamed organization exploited the Heartbleed OpenSSL vulnerability to hijack web sessions conducted over a virtual private network connection.
 
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia  22 April 2014 
Source: The Register UK - Posted by Dave Wreski   
Expunging the Heartbleed bug from vulnerable computers and gadgets is likely to take months, according to a leading vuln research firm. The cautionary assessment by Secunia comes as more and more products are judged to be vulnerable to the infamous OpenSSL security flaw.
 
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker  15 April 2014 
Source: The Register UK - Posted by Dave Wreski   
Twee UK parenting website Mumsnet is the second high-profile organisation to claim it has fallen victim to the infamous Heartbleed OpenSSL vulnerability.
 
Tests confirm Heartbleed bug can expose server's private key  14 April 2014 
Source: Network World - Posted by Dave Wreski   
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.
 
Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?  12 April 2014 
Source: CloudFare - Posted by Dave Wreski   
Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys. The challenge was solved by Software Engineer Fedor Indutny and Ilkka Mattila at NCSC-FI roughly 9 hours after the challenge was first published.
 
Schneier on Heartbleed  10 April 2014 
Source: Schneier on Security - Posted by Dave Wreski   
Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.
 
The critical, widespread Heartbleed bug and you: How to keep your private info safe  10 April 2014 
Source: Network World - Posted by Dave Wreski   
No matter how hard you try to stay safe, some aspects of securing your online data are completely out of your hands. That fact was made painfully obvious on Monday, when the Internet got caught with its collective pants down thanks to a critical vulnerability affecting a fundamental tool for secure online communications.
 
<< Start < Prev 4 5 6 Next > End >>

Results 41 - 50 of 1131
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
OphionLocker, A New Ransomware uses Elliptic Curve for Encryption
This Linux grinch could put a hole in your security stocking
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.