Heartbleed: OpenSSL Vulnerability News And Analysis
Earlier this month a vulnerability was discovered in OpenSSL, exposing many websites that encrypt data in transit. The vulnerability, dubbed the Heartbleed bug, created panic and misinformation and led many solution providers to warn their clients about the vulnerability.
CRN has the latest news and analysis relating to Heartbleed to help solution providers cut through the hyperbole and arm them with the information needed to protect clients from the OpenSSL vulnerability.
Solution providers are warning their clients of a vulnerability in OpenSSL that was patched this week that could be used to view encrypted communications on a web server.
Facebook, Google Gmail and Amazon Web Services, among other services, are urging users to change their passwords in response to the Heartbleed bug.
The CRN Test Center gives tips on how to fix Heartbleed, patch the OpenSSL bug and make it safe so users can stop worrying about open source security.
The National Security Agency knew about the Heartbleed bug and used it to gain access to account credentials to support its surveillance activities, according to a Bloomberg report that cited two unidentified sources.
System administrators have been busy patching web servers and other networking gear to address the Heartbleed bug, but cloud security firm CloudFlare set up a test to examine the seriousness of the threat. Here's what it found.
Both networking companies issue advisories, identifying the affected products as well as those still under investigation.
The OpenSSL implementation of SSL and TLS protocols is used in a wide variety of networking gear. Here are a dozen high-profile networking vendors that have been impacted by the Heartbleed bug.
Video: How To Reduce The Risk Of Data Breaches
The Linux Foundation said it is receiving a $3.6 million investment from a dozen tech firms for infrastructure improvements, beginning with a project to improve OpenSSL.
The Canada Revenue Agency, which manages the government's taxing authority, says the attack occurred over a six-hour period following the disclosure of the OpenSSL flaw.
Solution providers say there has been significant effort identifying Web servers that are open to the Heartbleed bug, but SSL VPN appliances may have fallen lower on the priority list.