What exactly is the Heartbleed vulnerability?
On April 7, 2014, the OpenSSL community announced that it found a critical vulnerability in the TLS Heartbeat protocol. The nature of such an attack is very similar to a buffer overflow attack, where a remote attacker can exploit the protocol by sending a malformed “heartbeat” request with a payload size bigger than the actual request. In response, the vulnerable server would return a heartbeat response that contains a memory block of up to 64KB in the payload. This memory block can potentially reveal confidential information, including SSL private keys, user passwords and more. The researchers that found this vulnerability have put together an informative micro site that explains all of this.read more
As you’ve most likely heard, a very serious threat called CVE-2014-0160, commonly referred to as “Heartbleed” has been threatening the ultra-popular open-source OpenSSL package. Heartbleed is unique in the collateral damage it can create.
Heartbleed exposes the ugly side of open-source security components: In past events, where such Earth-shaking vulnerabilities were found, there was a vendor that would pay for the collateral damages that the vulnerability created. Who would pay for the collateral damages of this open-source vulnerability? It is likely be the users that are using OpenSSL.read more
Every day at Radware we have customers and prospects asking us about the key determinants in sourcing and testing a DDoS protection service.read more
The latest developments in the Russia-Ukraine cyberwar battle have garnered huge media attention. It was also recently revealed that the cyber attacks on the NATO websites and infrastructure have been linked to those same tensions. The attacks, which targeted NATO and also Ukrainian media websites, were distributed denial-of-service attacks (DDoS) allegedly by the pro-Russia group Cyber Berkut (KiberBerkut).read more
“To err is human.”
This quote by British poet Alexander Pope gained new meaning to me after reading a follow-up article by Information Week on the massive security breach that the American retailer Target experienced this past November. According to the story, the Target security team reviewed and ignored urgent warnings about unknown malware spotted on their network. They simply made the wrong call. This can happen, but this erroneous call, ended up resulting in millions of dollars in lost revenues to the organization as well as exposed the personal and credit information of millions of their shoppers.read more