The first "preview" release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a "catastrophic failure" in the version for Linux.
Several key technology vendors are yet to fully patch against the OpenSSL cryptographic library used to secure networked communications, a leading Australian security researcher has warned.
The Heartbleed vulnerability in OpenSSL, first revealed to the public in April this year, makes it possible for attackers to tap into what was thought to be secure, encrypted communications unnoticed.
Android fans who are hoping Google will debut a new version of the OS at its annual I/O conference in San Francsico next week might be in for a disappointment ... because the company is rolling out a new version this week.
On Friday, the Chocolate Factory published firmware images of Android 4.4.4 – yes, we're still talking "KitKat" – for the Nexus 4 and 5 phones and the Nexus 7 and 10 fondleslabs. The build number of the new release is KTU84P.
The OpenSSL project has reported fixes for several vulnerabilities, at least one of them serious.
The most significant vulnerability is SSL/TLS MITM vulnerability (CVE-2014-0224). Unlike Heartbleed, which had been introduced into the program not long before, affects all versions of OpenSSL, including those that were patched to fix Heartbleed.
Security experts have expressed doubts about a hacker claim that there’s a new vulnerability in the patched version of OpenSSL, the widely used cryptographic library repaired in early April.
A group of five hackers writes in a posting on Pastebin that they worked for two weeks to find the bug and developed code to exploit it. They’ve offered the code for the price of 2.5 bitcoins, around US$870.