Security News

GnuTLS patches huge security hole that hung around for two years – worse than Heartbleed, says Google cryptoboffin
2020-06-10 06:01

GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack. The flaw allowed GnuTLS servers to use session tickets issued during a previous secure TLS 1.3 session without accessing the function that generates secret keys, gnutls session ticket key generate().

Evolution of OpenSSL Security After Heartbleed
2019-12-26 13:28

OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014. read more

FileZilla fixes show how far we’ve come since Heartbleed
2019-08-05 13:59

What have seven security fixes in FileZilla got to do with 2014's Heartbleed bug?

Heartbleed Persists on 200,000 Servers, Devices (Threatpost)
2017-01-23 18:31

Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.

OpenSSL Operating With Renewed Vision Two Years After Heartbleed (Threatpost)
2016-03-03 13:00

At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL's Development Team described some benefits the nasty bug afforded them.