Heartbleed News, Articles and Updates

Oracle issues emergency patch for JoltandBleed bug in Tuxedo middleware

Oracle Corporation issued a series of emergency patches on Tuesday last week, fixing five vulnerabilities in its Tuxedo middleware platform, including a critical one that has been compared to Heartbleed.

4SICS: Shodan founder says IoT here to stay despite security holes

According to John Matherly - internet cartographer, security gadfly and founder of IoT-search engine Shodan - the internet of connected things is very much here to stay.

Old computing code puts millions at risk as glibc vulnerability exposed

Anyone running glibc 2.9 or above should upgrade to a later version or apply a vendor patch now, as malware authors will be looking at this bug closely given its remote code execution capabilities, says Carl Leonard.

90% of SSL VPNs have outdated or insecure encryption

Nine out of 10 SSL VPN servers use insecure or outdated encryption, which puts corporate data at risk.

PCI SSC pushes back deadline for secure TLS

The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.

Advantech described as 'Lazy' in fixing vulnerability

Having recently rushed to fix a vulnerability on one of its products, Advantech has reportedly opened up the door for new vulnerabilities.

Heartburn: 200,000 devices 'still susceptible' to Heartbleed bug

As the patching cycle becomes ever longer, some experts are pushing for mandatory security updating of critical IoT devices.

High-severity OpenSSL vulnerability patched

The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.

Zeus and Conficker malware return to haunt UK companies

Old malware variants, the Zeus Trojan and the Conficker computer worm, remain a huge problem for most UK companies, according to CERT-UK's first annual report.

OpenSSL patches 'high severity' bug - but it's no Heartbleed

The OpenSSL group has patched numerous flaws with the release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, including a "high severity" bug which, fortunately, is not as serious as Heartbleed or Poodle.

Jetty web servers vulnerable to Heartbleed-style attacks

A critical flaw found on open-source Jetty HTTP web servers could - if left unpatched - lead to hackers hijacking internet sessions and stealing sensitive data.

Bash flaw threatens hundreds of millions of servers

Systems admins are being warned of a decades-old bug that means hundreds of millions of systems - ranging from Unix/Linux web servers to possibly Apple devices and WiFi routers - can be easily hijacked.

Heartbleed: Still a security risk

The Heartbleed security issue may be six months old, but it remains a major problem.

HeartBleed - further lessons

Further lessons from Heartbleed, beyond the hype, include caution when listening to advice, such as re-setting passwords, says Chris Russell.

Heartbleed (remediation) has improved open source cybersecurity

The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed, says Joram Borenstein.

300,000 servers still vulnerable to Heartbleed bug

Two-and-a-half months on from the discovery of the Heartbleed bug affecting OpenSSL security, and one security researcher claims that the flaw still affects 300,000 servers.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lay behind the Heartbleed bug.

HeartBleed - How we failed!

The speed of reaction to Heartbleed was not matched by the quality of response, says Russ Spitler, who calls for more and better education to effectively share knowledge that benefits us all.

ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL

This week's In Case You Missed It column looks at Vladimir Putin's Internet views, bigger and badder DDoS attacks, and further reaction to OpenSSL and Heartbleed.

Heartbleed slows down the internet

As Heartbleed slows down the internet, experts say that two-factor authentication may be the way forward to protect our web sessions.

Update: Government slated as Mumsnet becomes first UK Heartbleed victim

The Government's reaction to the 'Heartbleed' flaw has been criticised after the Mumsnet parenting site became the UK's first known victim of Heartbleed hackers.

Getting to the heart of the problem

As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable, suggests Chris Russell.