September 27, 2016 OpenSSL Patch Gets Patched 2 min read - The OpenSSL patch issued on Sept. 22 was meant to fix a vulnerability, but it only caused more problems. The Sept. 26 update fixed the outstanding issues.
March 7, 2016 OpenSSL Keys Are Vulnerable to a Smartphone Listening Exploit 2 min read - A simple hardware listening system can expose the OpenSSL crypto keys used for smartphones to cybercriminals, putting users at risk.
March 3, 2016 OpenSSL Can Be DROWNed by New Vulnerability 2 min read - OpenSSL is vulnerable to DROWN, an attack based on support for the obsolete SSLv2 protocol, which leaves OpenSSL programs at risk.
August 20, 2015 LinuxCon: CII Program Will Give Badges to Open Source Projects With Strong Security 2 min read - Open source projects have gotten a bad rap in security circles thanks to Heartbleed and other flaws, but an industry consortium may change that.
July 15, 2015 Could Open-Source ‘Census Project’ Prevent the Next OpenSSL Flaw? 2 min read - The Core Infrastructure Initiative has released a ranking of open-source tools that should help the industry avoid problems in OpenSSL and similar tools.
June 15, 2015 New OpenSSL Releases Clear Logjam, Target Minor Flaws 2 min read - Multiple new OpenSSL releases finally clear the Logjam flaw and address other low-to-moderate vulnerabilities plaguing the encryption software.
Software Vulnerabilities December 8, 2014 CVE-2014-0195: Adventures in OpenSSL’s DTLS Fragmented Land 7 min read - Here is a look at the remote code execution bug in OpenSSL's DTLS, how it works and the different ways cybercriminals might leverage it for exploitation.
September 26, 2014 Shellshock: Where the Bash Bug Could Hit the Hardest 2 min read - The Bash bug, a new vulnerability known as Shellshock, could have a sizable impact on an untold number of devices, according to security experts.
Risk Management September 23, 2014 How to Improve Asset Management for Risk Assessment and Control 2 min read - Asset management can be improved when responsibilities are shared and the inventory system is established, frequently updated and quickly actionable.
August 28, 2014 Backoff Hacker Tool: Secret Service Warns Target Malware Still Active 3 min read - According to a recent Secret Service and Department of Homeland Security release, the Backoff hacker tool is still alive and well in American POS systems.