Real MITM attacks enabled by Komodia’s software might have already happened
When the issue of Lenovo’s pre-installed SSL-breaking Superfish adware first gained widespread media recognition, the company’s CTO Peter Hortensius tried to do …
Superfish not the only app using Komodia’s SSL-busting code
As Lenovo backtracked on its initial position that the Superfish adware pre-installed on some of its notebooks is not a security danger, and released a security advisory about …
How to wipe Superfish adware and offending cert from your Lenovo laptop
After the recent revelation that Lenovo has been shipping some of it laptops with pre-installed adware that’s also breaking the security of secure connections by using …
Lenovo computers come with pre-installed adware and MITM proxy
If you have recently bought a new Lenovo computer, you’re in for a nasty surprise: the company has been shipping them with pre-installed adware. And, what’s even …
OpenSSL release patches 8 vulnerabilities
The OpenSSL Project has released updates for the popular eponymous open-source library that implements the SSL and TLS protocols. The new releases – 1.0.1k, 1.0.0p and …
POODLE attack now targeting TLS
There’s a new SSL/TLS problem being announced today and it’s likely to affect some of the most popular web sites in the world, owning largely to the popularity of …
New OpenSSL updates fix POODLE, DoS bugs
The OpenSSL Project has pushed out new releases of the popular eponymous open-source cryptographic library, which fix four serious vulnerabilities, including the POODLE …
POODLE vulnerability: The end of life of SSL 3.0
There is a critical security vulnerability in SSL 3.0 which allows attackers to calculate the plaintext of encrypted connections, and it will likely spell the end of the use …
Flawed reused code opens zero-day in Cyanogenmod
An unnamed security researcher says that Cyanogenmod, the popular Android-based mobile OS, sports a zero-day vulnerability that can be misused to target users with …
CloudFlare offers free SSL encryption
Web performance and security company CloudFlare today launched Universal SSL, making Secure Socket Layer (SSL) encryption available to anyone at no cost. “Yesterday …
Critical SSL flaw patched in Firefox, Thunderbird, Chrome
If you are a Mozilla Firefox, Thunderbird or Seamonkey user, you should implement the latest patches issued by the company as soon as possible, as they fix a critical bug …
Bulletproof SSL and TLS
Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice …