Google researchers released a paper that describes how SSLv3 can be compromised to steal sensitive information, pretty much forcing all webservers to only support the newer TLS protocols.
Google is dropping OpenSSL in its newest Chrome beta, in favor of its own forked version called BoringSSL. According to them, this should offer a more streamlined and secure experience for users.
Google has announced a new research program called Project Zero in order to counter security threats caused by zero-day vulnerabilities such as the recent "Heartbleed" bug in OpenSSL.
A new report indicates that over 300,000 unprotected servers are still running out-of-date versions of OpenSSL that are vulnerable to the critical Heartbleed bug from nearly two months ago.
Two separate estimates show that around half of the servers previously affected by Heartbleed are still susceptible. The estimates show that around 318,239, or 2.33% of all servers, are still vulnerable.
Two popular open source login systems, OAuth and OpenID, can be affected by the "Covert Redirect" exploit to take personal data from users, according to a new study from a security researcher.
Microsoft is among the members of a new group called the Core Infrastructure Initiative which has been formed by the Linux Foundation to make sure OpenSSL issues such as Heartbleed don't happen again.
Google is actively looking to simplify encryption of end-to-end communication between users of its email service following the recent revelations regarding NSA surveillance and the PRISM project.
The "Heartbleed" OpenSSL exploit has led the U.S. government's Healthcare.gov site to require its users to change their passwords, saying that the decision was made "out of an abundance of caution."
CRA Commissioner Andrew Treusch stated that over a period of six hours, the Social Insurance Numbers of around 900 people were removed from CRA computer systems.
A new report from the Sucuri security firm claims most of the top visited websites have now closed the OpenSSL "Heartbleed" exploit, but over 20,000 of the top 1 million sites are still vulnerable.
The National Security Agency is denying a report from Bloomberg that it was aware of the "Heartbleed" OpenSSL exploit for some time and used it to spy on others.
Microsoft has issued a statement saying their many online services and products like Skype, Office 365, Microsoft Azure, Yammer and others are not affected by the "Heartbleed" OpenSSL issue.
A new report has detailed a serious zero-day security vulnerability called "Heartbleed" affecting the OpenSSL cryptographic library. It is caused by a programming error, and a fix is being worked on.