Heartbleed

  • Google Launches Project Zero To Find Security Bugs In Third-Party Software

    Google Launches Project Zero To Find Security Bugs In Third-Party Software

    Google today announced that it is launching Project Zero, an internal team of security specialists tasked with finding vulnerabilities in third-party software — not to exploit them, but to alert the developers and avoid the next Heartbleed.
    The Heartbleed bug put the whole software industry on heightened alert, and Google, Facebook, Microsoft and many others already formed a… Read More

  • The Internet Is Burning

    The Internet Is Burning

    Online security is a horrifying nightmare. Heartbleed. Target. Apple. Linux. Microsoft. Yahoo. eBay. X.509. Whatever security cataclysm erupts next, probably in weeks or even days. We seem to be trapped in a vicious cycle of cascading security disasters that just keep getting worse. Read More

  • Facebook, Google, Intel, Microsoft, NetApp, Qualcomm, VMware And The Linux Foundation Form New Initiative To Prevent The Next Heartbleed

    Facebook, Google, Intel, Microsoft, NetApp, Qualcomm, VMware And The Linux Foundation Form New Initiative To Prevent The Next Heartbleed

    The OpenSSL Heartbleed disaster definitely opened up many people’s eyes to how underfunded and understaffed many of the open source projects the web relies on are. To prevent the next Heartbleed, Facebook, Google, Intel, Microsoft, NetApp, Qualcomm, VMware and The Linux Foundation today announced the “Core Infrastructure Initiative.” This initiative will fund and support… Read More

  • US Government Will Detail Internet Exploits, Except When It Doesn’t Want To

    US Government Will Detail Internet Exploits, Except When It Doesn’t Want To

    Heartbleed kicked off a new chapter in the rollicking discussion of privacy, digital security, and the role of government in protecting its citizenry from threats both real and imagined. News of Heartbleed broke early last week, starting a soul-searching bit of Internet-scrambling by services large and small to examine their own networks and products to see if they were exposed to the flaw. Read More

  • Gillmor Gang: Deep Bench

    Gillmor Gang: Deep Bench

    The Gillmor Gang — Dan Farber, Kevin Marks, Semil Shah, Robert Scoble, Keith Teare, and Steve Gillmor — Heartbleed security hole, changing landscape of Twitter notifications, Brendan Eich’s exit from Mozilla, politically charged and leadership compromised, Condoleezza Rice heading to the Dropbox Board of Directors? Dropbox, OneNote, Evernote, Box. Office on the iPad… Read More

  • Report: NSA Exploited Heartbleed For Years. NSA: No

    Report: NSA Exploited Heartbleed For Years. NSA: No

    Update: An account associated with the NSA tweeted out a quick denial: “Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.” So, either Bloomberg was misled, misunderstood their information, or the NSA is lying. [A caveat: The Twitter account in question is being treated by the larger world as legitimate, but remains… Read More

  • Heartbleed, The First Security Bug With A Cool Logo

    Heartbleed, The First Security Bug With A Cool Logo

    It’s been fascinating to watch news of heartbleed, the massive OpenSSL exploit, spread on the web. After years of quietly putting us at risk, the general web user became aware of the exploit only a few days ago, and probably via heartbleed.com. Read More

  • What Bitcoin Users Need To Know About Heartbleed

    What Bitcoin Users Need To Know About Heartbleed

    If you’re using a bitcoin wallet or an online wallet or exchange, Heartbleed could be a very real problem for you and your BTC. Luckily, things have finally settled down after a few days of panic and there are a few very easy ways to ensure you’re protected. Read More

  • What Is Heartbleed? The Video

    What Is Heartbleed? The Video

    You’ve probably heard about Heartbleed. You’ve probably been told that, as far as security vulnerabilities go on the Internet, it’s pretty damned scary. But what is Heartbleed? How does it work? Why is it something that you should care about? This Khan Academy-style video tries to break it all down. Read More

  • OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk

    OpenSSL Heartbleed Bug Leaves Much Of The Internet At Risk

    A large chunk of the Internet is broken at the moment. OpenSSL, used by a host of companies and services to encrypt their data, contained a flaw for two years that, if exploited, allowed external parties to extract data from a server’s working memory in 64 kilobyte chunks. That’s not much, but it was a very repeatable exploit, meaning that nefarious parties could hit the 64… Read More

  • Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet

    Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet

    I saw a t-shirt one time. “I’m a bomb disposal technician,” it read. “If you see me running, try to keep up.” The same sort of idea can be applied to net security: when all the net security people you know are freaking out, it’s probably an okay time to worry. This afternoon, many of the net security people I know are freaking out. A very serious bug in… Read More