Tag: openssl
-
DROWN
Another day, another SSL attack. A new, low-cost attack has been found, that decrypts sensitive communications in a matter of hours and in some cases almost immediately. I hereby name you DROWN! And CVE-2016-0800. The attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through SSLv2, a TLS precursor…
-
Heartbleed finally results in some resources for OpenSSL
Heartbleed continues to cause enormous issues around the globe and is being actively attacked. Saying that, the bulk of solutions and systems out there using OpenSSL have been patched by now so the risk surface is growing smaller and smaller by the day. OpenSSL President Steve Marquess wrote in a blog post last week that…