Information Security

Defending information practices

Members of the OpenBSD project, who develop the operating system of the same name as well as tools such as OpenSSH, OpenBGPD, OpenNTPD and OpenSMTPD, have started the LibreSSL project. It is a simpler version of OpenSSL, stripped of unnecessary code.

Theo de Raadt, the founder and leader of the OpenBSD and OpenSSH projects, said that they have managed to remove approximately 90,000 lines of C code and 150,000 lines of content overall. Support for MacOS, Netware, OS/2, VMS and Windows has been removed, as few people need it.

OpenSSL Heartbleed Vulnerability Guide

What an attacker can steal

The private key of the TLS server, the private key of the TLS client (if the client is vulnerable), cookies, logins, passwords and any other data exchanged between the server and its clients. The attacker does not need to monitor the communication path: sending a specially crafted packet is enough, and this cannot be detected in the server's logs.

The vulnerability is bidirectional: if a vulnerable client connects to an attacker's server, the attacker can read the client's memory. Examples of vulnerable clients: MariaDB, wget, curl, git, nginx (in proxy mode).

How to test for the OpenSSL Heartbleed vulnerability
