Security advisories for OpenSSL should not be used for competitive advantage, according to the development project behind the widely used cryptography component.
The warning comes from the OpenSSL Project, which has published for the first time guidelines for how it internally handles security problems, part of an ongoing effort to strengthen the project following the Heartbleed security scare in April.
The first "preview" release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a "catastrophic failure" in the version for Linux.
Several key technology vendors are yet to fully patch against the OpenSSL cryptographic library used to secure networked communications, a leading Australian security researcher has warned.
The Heartbleed vulnerability in OpenSSL, first revealed to the public in April this year, makes it possible for attackers to tap into what was thought to be secure, encrypted communications unnoticed.
Android fans who are hoping Google will debut a new version of the OS at its annual I/O conference in San Francsico next week might be in for a disappointment ... because the company is rolling out a new version this week.
On Friday, the Chocolate Factory published firmware images of Android 4.4.4 – yes, we're still talking "KitKat" – for the Nexus 4 and 5 phones and the Nexus 7 and 10 fondleslabs. The build number of the new release is KTU84P.
The OpenSSL project has reported fixes for several vulnerabilities, at least one of them serious.
The most significant vulnerability is SSL/TLS MITM vulnerability (CVE-2014-0224). Unlike Heartbleed, which had been introduced into the program not long before, affects all versions of OpenSSL, including those that were patched to fix Heartbleed.