Heartbleed: When Is It Good to Name a Vulnerability?

May 14, 2024 at 08:40AM In 2014, a critical vulnerability in OpenSSL, dubbed Heartbleed (CVE-2014-0160), was discovered, allowing attackers to extract sensitive information from servers. Codenomicon branded the flaw with a logo and website, raising awareness and prompting organizations to patch systems. The practice of naming vulnerabilities has sparked debates about caution versus hype in … Read more

Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!

April 2, 2024 at 07:09AM The Heartbleed bug turned ten years old on April 1, posing a risk of reoccurrence due to quantum computing. The bug, identified in 2014, affected a vast portion of the internet, allowing attackers to steal sensitive data. Quantum decryption could amplify this threat, leading to potential economic and security crises. … Read more

Passive SSH server private key compromise is real … for some vulnerable gear

November 13, 2023 at 09:44PM An academic study has revealed that it is possible for someone to intercept SSH connections and impersonate devices by deducing private RSA keys. This allows the attacker to eavesdrop on users’ login details and monitor their activities on remote SSH servers. The vulnerability primarily affects Internet of Things devices and … Read more