So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]
openssl
Important OpenSSL Patch – 6 More Vulnerabilities
So after the Heartbleed vulnerability in OpenSSL that turned the World upside down, there has a been a lot of focus on the codebase and the manner in which it was written. They’ve raised a bunch of money, an audit is underway and there has even been a fairly serious branch named LibreSSL (who are […]
Heartbleed Bug SSL Vulnerability – Everything You Need To Know
Introduction So the Internet has been exploding this week due to the Heartbleed Bug in OpenSSL which effects a LOT of servers and websites and is being hailed by some as the worst vulnerability in the history of the Internet thus far. The main info on the bug can be found at http://heartbleed.com/. In basic […]
Boffins Crack OpenSSL Library Using Power Fluctuations
[ad] Now this is a very interesting technique, as far as I know I’ve not seen anything similar to this before. It’s like a rather bizarre meld of hardware hacking and software exploitation using cryptographic algorithm cracking techniques. Some rather smart fellas have found a way to extract the private SSL key from a device […]