OpenSSL News, Articles and Updates

OpenSSL change to Apache Licence v2.0 sparks concerns over author rights

Critics upset over lack of consultation over licensing move as the OpenSSL project moves to Apache License v 2.0, a move which may affect hundreds of contributors.

Recent OpenSSL Patches Show Why Using Containers to Enhance Vulnerability Response Plans is a Good Idea

Tim Mackey explains the value of taking a container approach to vulnerability response plans

OPenSSL patch introduced flaw, critical fix advised

Critical bug in patch means OPenSSL security fix needs fixing.

WhiteHat reports The FREAKS are out

Whitehat's top 10 web hacking techniques of 2015 have been released and the freaks have topped the list.

Drown attack could break TLS for third of websites

A new vulnerability could kill a certain kind of encryption for plenty of websites. An OpenSSL update has been rushed out to fix major flaw.

Flaws in LibreSSL could open web servers to attack

Fork of OpenSSL has serious vulnerabilities that could open servers to remote code execution.

Heartburn: 200,000 devices 'still susceptible' to Heartbleed bug

As the patching cycle becomes ever longer, some experts are pushing for mandatory security updating of critical IoT devices.

OpenSSH flaw opens the door to brute force attackers

A flaw in OpenSSH could let attackers bypass limits imposed on password login attempts, to launch brute force attacks and steal credentials.

High-severity OpenSSL vulnerability patched

The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.

OpenSSL patches and releases new versions

The OpenSSL Project released OpenSSL 1.0.2b, 1.0.1n, 1.0.0s and 9.9.8zg, which patched five security issues, including the Logjam vulnerability.