S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By: Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

OpenSSL fixes High Severity data-stealing bug – patch now!

By: Paul Ducklin — February 8^th 2023 at 02:58

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

Naked Security

OpenSSH fixes double-free memory bug that’s pokable over the network

By: Paul Ducklin — February 3^rd 2023 at 17:59

It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By: Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

The OpenSSL security update story – how can you tell what needs fixing?

By: Paul Ducklin — November 3^rd 2022 at 00:44

How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...

ossl-code-1200

Naked Security

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

By: Paul Ducklin — November 1^st 2022 at 17:24

That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...

Naked Security

OpenSSL fixes two “one-liner” crypto bugs – what you need to know

By: Paul Ducklin — July 6^th 2022 at 16:52

"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...

Naked Security

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

By: Paul Ducklin — June 30^th 2022 at 12:57

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

Naked Security

OpenSSL issues a bugfix for the previous bugfix

By: Paul Ducklin — June 24^th 2022 at 15:32

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Naked Security

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

By: Paul Ducklin — April 11^th 2022 at 16:58

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?

cat-1200

Naked Security

OpenSSL patches infinite-loop DoS bug in certificate verification

By: Paul Ducklin — March 18^th 2022 at 17:59

When it comes to writing loops in your code... never sit on the fence!

Naked Security

Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble

By: Paul Ducklin — December 17^th 2021 at 17:57

Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!

Naked Security

Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it

By: Paul Ducklin — December 3^rd 2021 at 17:58

Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.