Many years after a backdoor, probably planted by the NSA, was discovered, public pressure finally forces NIST to formally remove Dual_EC_DRBG from its recommendations.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
A total of 33 vulnerabilities patched, most in iOS. Only the AirPort Base Station was vulnerable to Heartbleed.
All it will take is one major player to endorse LibreSSL as compatible and functional and OpenSSL adoption will crumble.
In the wake of Heartbleed, a well-known open source development group is creating a simpler, cleaner version of the dominant OpenSSL.
There's a dirty little industry secret: The classic methods of certificate revocation don't really work. That's why Google Chrome doesn't do certificate revocation checking the normal way.
Adding to a list of victims that includes Comcast, NullCrew released evidence it added nine targets including Spokeo, the International Civil Aviation Organization, the University of Virginia and others to its tally of hacked victims.
[UPDATED] A bad update caused users of many Microsoft security products, not just Security Essentials, to experience "interrupted service". The latest update fixes the problem.
If the NSA really did have Heartbleed "for years", as was claimed recently by Bloomberg News, they wouldn't need to go after Lavabit. They wouldn't even want to.
Appeals court doesn't examine constitutional issues raised by Lavabit and finds against them for legal errors.
[UPDATED] Millions of SSL certificates need to be revoked and reissued. The Internet and the PKI were not designed for this. Congestion will reign.