Articles by Mike
The latest issue with SSL has been found by researchers, and it is an issue with 1024-bit Diffie-Hellman key exchange. This is a man-in-the-middle attack that can also downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This is somewhat similar to the FREAK attack. To learn more see https://weakdh.org – this page will […]
OpenSSL has released updates for OpenSSL version 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The new releases are 1.0.2a, 1.0.1k, 1.0.0p, and 0.9.8zd. https://www.openssl.org/news/secadv_20150319.txt This update fixes 2 Severity High issues, 9 Severity Moderate issues and 3 Severity Low issues. OpenSSL is encouraging all customers using OpenSSL to upgrade immediately to keep your systems secure. If you […]
On Tuesday, March 3, 2015, it was announced that a flaw in SSL security based on an old 512-bit exportable encryption type had been found. This flaw affects web servers and some web browsers. You can test your browser at https://freakattack.com/. IE 11 is not affected; IE 10 is partially affected, see Microsoft response below. […]
A serious security flaw has been found in the glibc libraries that are a core component of Linux. CVE-2015-0235 has been set up for this issue. It affects Red Hat Linux and its variants (CentOS, Oracle Linux), and Debian Linux and its variants like Ubuntu. The GHOST bug is an overflow bug that has been found in the gethostbyname feature […]
Another major flaw has been found in Android, affecting all devices with Android 4.3 and earlier. Google has stated they will not fix the issue in WebKit, leaving an estimated 960+ million devices at risk. Google recommends that developers write their own viewers to cover this flaw. But like any security issue, it […]
Recently a report on the most commonly used passwords for 2014 came out. Variations on 123456 are in the top 11 most used passwords. The best thing to do when creating a password is to misspell the word used; using numbers, punctuation characters and symbols, and upper and lower case can also help. But […]
Chrome, Firefox and Internet Explorer are making the move to discourage the use of SHA1. Microsoft started the push for changing from SHA1 to SHA2 about 1 year ago. Google is choosing to be aggressive in what it shows to users of the Chrome browser, which is due around November 20 something. With Chrome Chrome will […]
Another SSL vulnerability has been found in SSL v3.0. You should consider changing to use TLS 1.0, 1.1 or 1.2. It is recommended to disable SSL v3.0 on your secure websites. I recommend disabling at least PCT 1.0, SSL 2.0 and SSL 3.0 on your IIS servers. IIS 3.0-6.0: http://support.microsoft.com/kb/187498 IIS 7.0+: http://support.microsoft.com/kb/245030 Red Hat Linux products: https://access.redhat.com/articles/1232123 […]
Red Hat found another flaw in Bash that has been assigned CVE-2014-7169. This is in addition to CVE-2014-6271 in the previous blog entry. CVE-2014-7169 affects Red Hat 4, 5, 6, and 7. Red Hat released the update today, 9/26/2014: https://access.redhat.com/security/cve/CVE-2014-7169 NIST: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 Debian: https://www.debian.org/security/2014/dsa-3035 Ubuntu: http://www.ubuntu.com/usn/usn-2363-2/ Oracle Linux: http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html Cygwin for Windows – update released […]