Heartbleed

Over 300k websites still haven’t patched for Heartbleed

Over 300k websites still haven’t patched for Heartbleed

In April of this year a security hole called Heartbleed was revealed as one of the largest of its kind in history. The vast majority of websites on the internet were left open to this bug, only being patched after many, many years of being left open for any hacker to take advantage of. Now - even two months after its discovery, well over 300,000 web servers are still unpatched.

Continue Reading

HTC plans Heartbleed fix over top legacy Android risk

HTC plans Heartbleed fix over top legacy Android risk

Half of the top ten Android smartphones susceptible to Heartbleed hacks are made by HTC, security research firm Lookout claims, with phones like the HTC One X+ and Desire X still running older versions of Google's OS that are unpatched. Lookout describes the issues as "a curse of these phones' own success," with popular hardware unable to support the latest, safer Android versions. However, HTC tells SlashGear that it has a fix in the works.

Continue Reading

NSA denies Heartbleed knowledge and exploitation

NSA denies Heartbleed knowledge and exploitation

The NSA has denied knowledge of the Heartbleed bug, following allegations that not only did the security agency discover the exploit two years ago, but that it opted to keep it secret so as to use it in its spy tool arsenal. Anonymous insiders claimed earlier that the National Security Agency had identified Heartbleed - which left as many as two-thirds of websites vulnerable to password and data theft - as part of its regular efforts at hunting down potentially useful bugs and hacks.

Continue Reading

NSA exploited Heartbleed for two years claim insiders [Updated]

NSA exploited Heartbleed for two years claim insiders [Updated]

The NSA has not only known about the Heartbleed bug for at least two years, but exploited it in regular surveillance attacks, insider sources have alleged, opting to keep the security flaw a secret because of its value to intelligence gathering. Heartbleed, which has forced companies big and small to update the security of their sites after a flaw in the SSL believed to be keeping users' details safe, has prompted a mass change in passwords over the past week.

Continue Reading

Apple unaffected by Heartbleed, adds to sites patched list

Apple unaffected by Heartbleed, adds to sites patched list

This week the folks at Apple have added to the stacks of sites making clear that they were either unaffected by the Heartbleed bug or have been patched successfully. Apple has released a statement that suggests they "take security very seriously" and that iOS and OS X "never incorporated the vulnerable software" in the first place. They also made clear that "key web-based services were not affected" either.

Continue Reading

Your Heartbleed bug fix in three steps

Your Heartbleed bug fix in three steps

This week there’s little question that the internet security world has been tossed down a flight of stairs. With Heartbleed, a relatively major bit of a mistake was made in OpenSSL, a form of security that most of the internet uses, resulting in a major open door for hackers and spies of all kinds. With this bug having only been discovered this week and implemented a whopping two years ago, IT professionals are notably miffed.

Continue Reading

Heartbleed bug coder: it was a mistake

Heartbleed bug coder: it was a mistake

There should have been little doubt that once the Heartbleed bug was realized, one of the first things the public was going to do was go on a witch hunt for the person or people responsible. As it were, Mr. Robin Seggelmann of Münster in Germany says that he was only aiming to improve OpenSSL, and all allegations that he may have introduced the bug on purpose are false.

Continue Reading

1 2