The Heartbleed Story

[NewsCopy]

The OpenSSL project has just disclosed a devastating security flaw in the protocol that could expose the cryptographic keys and private communications from some of the most important services on the Internet._If you're running a server with OpenSSL 1.0.1 through 1.0.1f, it's vital that you update to OpenSSL 1.0.1g immediately. Installations running versions prior to OpenSSL 1.0.1 are unaffected by the issue. OpenSSL 1.0.2-beta users will need to address it. Heartbleed.com has a detailed explanation of the issue, which is related to the "heartbeat" section of OpenSSL's transport layer security (TSL) protocols.

This is even more dangerous than Apple's recent...

The rest of the story...
TheNextWeb

[Centrics]

The OpenSSL project on Tuesday disclosed a major security flaw called Heartbleed that could be used by those with malicious intent to spy on the “secret digital handshake” that takes place during secure transactions using Transport Layer Security (TLS) / Secure Sockets Layer (SSL) technology.



TechSpot

[Centrics]

SAN FRANCISCO — The discovery of a significant flaw in software that was supposed to provide extra protection for thousands of websites has thrown the tech world into chaos as experts scrambled to understand the scope of the vulnerability. On Tuesday, Tumblr, which is owned by Yahoo, became the

More...

[NewsCopy]

In case you didn’t hear the alarm bells going off late yesterday, the Intertubes have sprung a rather serious leak. A bug uncovered in OpenSSL — an open source toolkit for working with […]

The Rest of the story

[Centrics]

Terrible news, everyone: There’s a coding error in the OpenSSL cryptographic software library that allows anyone with the right tools and a little know-how to access secret encryption keys, usernames, passwords, and even content on sites using OpenSSL for protection. That includes roughly two-thirds of the Internet’s web servers,...

The rest of the story

[Centrics]

SAN FRANCISCO — A confounding computer bug called "Heartbleed" is causing major security headaches across the Internet as websites scramble to fix the problem and Web surfers wonder whether they should change their passwords to prevent theft of their email accounts, credit card numbers and other

More...

[Centrics]

The vulnerability in the widely used OpenSSL library used to secure Web transmissions allows attackers to scrape memory from servers, grabbing sensitive information. A widespread vulnerability in OpenSSL, the software library used to secure communications on the Web, has undermined the security on

More...

[Centrics]

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. Popular internet services like Yahoo Mail, Yahoo Messenger and many others are affected by this bug. Microsoft today confirmed that Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. _While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Azure. Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted. Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections._ Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed...

The rest of the story...
Microsoft News

[Centrics]

A major Internet security bug that affects websites like Google (GOOGL) and Facebook (FB) has been discovered, leaving users' financial details and emails vulnerable to theft by cybercriminals. The so-called "Heartbleed bug" was discovered in OpenSSL software-an encryption service used by around two

More...

[Centrics]

SAN FRANCISCO (KABC) -- A security breach has been revealed that could impact anyone who uses the Internet. Major sites are scrambling to correct a flaw that could put personal information like passwords, credit card numbers and other sensitive bits of information at risk. The threat, known as

More...

[Centrics]

SAN FRANCISCO, CA -- A confounding computer bug called "Heartbleed" is causing major security headaches across the Internet as websites scramble to fix the problem and Web surfers wonder whether they should change their passwords to prevent theft of their email accounts, credit card numbers and

More...

[Centrics]

This week, security researchers discovered a major bug called Heartbleed that affects almost two-thirds of the Internet, potentially exposing millions of passwords, credit card numbers, and other valuable information. Many popular websites like Yahoo, OkCupid, Github, and more were vulnerable.




TechSpot