Today's Question:  What's your opinion about Alibaba mooncake incident?        GIVE A SHOUT


  HeartBleed: OpenBSD now starts to clean up OpenSSL

Since the disclosure of HeartBleed bug in OpenSSL, some arguments emerge around the safety of OpenSSL, the largest open source SSL/TLS library used by large number of servers, applications. Some people are even starting to create their own version of SSL library. This includes OpenBSD, a famous Unix like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own cod...

   HeartBleed,OpenBSD     2014-04-15 04:21:26

  Severe SSL 3.0 vulnerability to be released

According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. Until now, it's still in patch phase and the details of this vulnerability is expected to be released today. There are a few widely impacted security vulnerabilities revealed this year and they bring people's attention to the long existing security concerns. Previously, we have seen the HeartBleed issue and also the recently ShellShock issue. Both of them occur in popular libraries...

   SSL,Security vulnerability, The Register     2014-10-14 22:22:39

  HeartBleed: Should C be blamed for the HeartBleed bug?

There is a discussion about the security of applications written in C on Hacker News recently after the report of HeartBleed bug in OpenSSL. In this discussion, some people are saying that the applications written in C are unsafe. It seems all or most of the faults should be laid on C. I think this is biased. The language itself should not be blamed.Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ b...

   C,HeartBleed,Analysis,Code review     2014-04-14 03:52:55

  How to prevent next HeartBleed bug?

How to ensure the security of open source projects is a concern for many open source users including individual users and companies. But it's not an easy task to ensure the security of open source projects. Because everyone can see the source code, there is much higher possibility that a bug may be found by someone. Once a bug is disclosed, people may exploit it and do evil things, this may cause loss of money either for individuals or companies, some of the bugs may even have big impact to the...

   Open source,HeartBleed,Security     2014-04-24 09:07:05

  HeartBleed: Inside the heart, what happens to a normal WEB user?

To be brief, our email, IM, facebook etc. are at the risk, so try to minimize the access in these few days. Especially we should try to avoid log into our internet-banking, because we may expose our user id and password. Also later when the service providers fix the bug, we would better to change a new password for all the web accounts that are important to us. Here comes the technical explanation. You might notice before that a lot of websites use URL starting with "https". For example, https:/...

   HeartBleed,Analysis     2014-04-09 22:41:43

  HeartBleed: Inside the heart, what causes the bleeding?

Just after a few weeks since Apple's famous goto fail bug, there is one bug in OpenSSL which catches the attention from the world again. The bug is named HeartBleed, found in OpenSSL library, a famous open source library supporting lots of  SSL/TLS communication among server/client applications. The reason why this bug catches the attentions from the world is it affects almost all sites which are using the affected OpenSSL library, these includes many applications like Nginx server, some v...

   OpenSSL,HeartBleed     2014-04-09 05:47:30