Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Servers remain vulnerable to fresh OpenSSL flaw

by The Gurus
June 13, 2014
in Editor's News
Share on FacebookShare on Twitter

Half of servers tested by Qualys labs are vulnerable to the most recently-discovered OpenSSl flaw.
 
According to Qualys, after the advisory was published on June 5th it has been testing a remote check for the flaw and satisfied that the test is identifying vulnerable hosts correctly, a scan run against the SSL Pulse dataset found that about 49 per cent servers are vulnerable, and around 14 per cent of the total number are exploitable because they’re running a newer version of OpenSSL.
 
“The rest are probably not exploitable, but should be upgraded because it’s possible that there are other ways to exploit this problem,” said Ivan Ristic, director of engineering at Qualys. “The CVE-2014-0224 vulnerability will be the most problematic for most deployments because it can be exploited via an active network (man in the middle) attack. Although virtually all versions of OpenSSL are vulnerable, this problem is exploitable only if (1) both sides use OpenSSL and (2) the server uses a vulnerable version of OpenSSL from the 1.0.1 branch.”
 
Craig Young, security researcher at Tripwire, said: “In CVE-2014-0224, an attacker who is able to intercept traffic between a vulnerable client and a vulnerable server can then compromise the confidentiality and integrity of client/server communications. Although this is definitely important to fix, it does not allow an attacker to take control, crash, or disclose information from a victim.
 
“This latest OpenSSL vulnerability, as well as the recently discovered GNUTLS vulnerability, demonstrates that Heartbleed is not a single isolated event — these types of vulnerabilities are being discovered continuously,” said Ken Westin, security analyst at Tripwire.
 
“The magnitude of Heartbleed provided a great deal of visibility around these types of vulnerabilities, but many IT teams think that once they patch for it their risk is completely mitigated. In fact, this pattern of vulnerabilities exposes the need to develop a comprehensive vulnerability management strategy. In order to reduce risk you must be able to continuously monitor your environments for new vulnerabilities as they are discovered.”

FacebookTweetLinkedIn
Tags: FlawOpen SourceOpenSSLVulnerability
ShareTweetShare
Previous Post

Eureka! Sports site authenticates users sans the password hassle

Next Post

Microsoft updates details on privacy and collecting data

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information