Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Podcast: Rauli Kaksonen on discovering Heartbleed

It’s been two years since a critical vulnerability, CVE-2014-0160, better known as Heartbleed, was first disclosed. The flaw, found in certain older versions of OpenSSL, did not properly handle Heartbeat Extension packets. The purpose of the Heartbeat protocol is to determine the persistence of another machine in a transaction, in this case the encryption between a client and a server. The flaw affected hundreds of thousands of popular websites and allowed an attacker to request more than a simple response; it could allow for the leakage of passphrases and encryption keys.

Posted in Open Source Security, Software Architecture & Design

Early notice of Badlock bug draws criticism

The Badlock bug website went live three weeks ahead of full disclosure and software updates. But some practitioners question the need for the early notice.

Posted in Software Architecture & Design

Backdoor found in government AV equipment

A supplier for audio-visual equipment to the US federal government on Thursday issued an update to its products that removed a potential backdoor that could allow “higher privileges than even administrative access to the system via the backdoor,” according to the researchers who first reported it.

Posted in Uncategorized