Heartbleed: OpenSSL Vulnerability News And Analysis

CRN provides the latest on the Heartbleed bug, providing news and analysis related to the OpenSSL vulnerability.


Earlier this month a vulnerability was discovered in OpenSSL, exposing many websites that encrypt data in transit. The vulnerability, dubbed the Heartbleed bug, created panic and misinformation and led many solution providers to warn their clients about the vulnerability.

CRN has the latest news and analysis relating to Heartbleed to help solution providers cut through the hyperbole and arm them with the information needed to protect clients from the OpenSSL vulnerability.

Heartbleed OpenSSL Bug Needs Serious Attention, Say Experts

Solution providers are warning their clients of a vulnerability in OpenSSL that was patched this week that could be used to view encrypted communications on a web server.

Heartbleed Havoc: 10 Passwords You Need To Change Right Now

Facebook, Google Gmail and Amazon Web Services, among other services, are urging users to change their passwords in response to the Heartbleed bug.

Five Essential Facts About Heartbleed And OpenSSL

The CRN Test Center gives tips on how to fix Heartbleed, patch the OpenSSL bug and make it safe so users can stop worrying about open source security.

Report: NSA Knew About Heartbleed Bug, Used It For Surveillance Activities

The National Security Agency knew about the Heartbleed bug and used it to gain access to account credentials to support its surveillance activities, according to a Bloomberg report that cited two unidentified sources.

Heartbleed Overblown? Experts Test Seriousness Of OpenSSL Bug

System administrators have been busy patching web servers and other networking gear to address the Heartbleed bug, but cloud security firm CloudFlare set up a test to examine the seriousness of the threat. Here's what it found.

Heartbleed Bug Discovered In Cisco, Juniper Gear

Both networking companies issue advisories, identifying the affected products as well as those still under investigation.

Love Hurts: 12 Networking Vendors Hit By Heartbleed

The OpenSSL implementation of SSL and TLS protocols is used in a wide variety of networking gear. Here are a dozen high-profile networking vendors that have been impacted by the Heartbleed bug.

Video: How To Reduce The Risk Of Data Breaches

Heartbleed Prompts Open Source Donation From Cisco, Other Tech Giants

The Linux Foundation said it is receiving a $3.6 million investment from a dozen tech firms for infrastructure improvements, beginning with a project to improve OpenSSL.

Heartbleed Victim: Canadian Agency Takes Additional Security Measures

The Canada Revenue Agency, which manages the government's taxing authority, says the attack occurred over a six-hour period following the disclosure of the OpenSSL flaw.

Mandiant Researchers: Heartbleed Attack Bypasses Multifactor Authentication, Hijacks VPN Sessions

Solution providers say there has been significant effort identifying Web servers that are open to the Heartbleed bug, but SSL VPN appliances may have fallen lower on the priority list.