Tags » Cloudflare

Information security: latest news of the week April 14, 2014

A critical vulnerability in Google allows access to the Google’s production servers

A Team of researchers discovered a critical XML External Entity (XXE) vulnerability on Google server that allows users to customize their toolbars with new buttons by uploading XML files containing layout properties. 441 more words

IT Security News

The Cloud, Heartbleed, and Web Development

One of the reasons developing in the Cloud has become so advantageous is the arrival of the Heartbleed bug. In case you’ve been hiding in… 508 more words

Web Development

Heartbleed and Cloudflare: Part 2

Damn, that didn’t take long.  A server reboot might have contributed, but it looks like the private key got ganked pretty fast.  What would be really nice (as I’ve suggested on the… 382 more words

Heartbleed and Cloudflare

http://www.zdnet.com/private-keys-may-be-inaccessible-to-heartbleed-7000028356/#ftag=RSS4d2198e

1)  CloudFlare rocks.  They’re a great organization and they continue to do great things.

2)  I suspected that this would be the case, given the very reasons provided (that certificate data is loaded into memory early on, and therefore unlikely to be found in memory space following the heartbeat packet) but I’ve seen other assertions (one in particular is found on heartbleed.com) where the authors claim to have stolen private key data.  279 more words

Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?

The widely-used open source library OpenSSL revealed on Monday it had a major bug, now known as “heartbleed”. By sending a specially crafted packet to a vulnerable server running an unpatched version of OpenSSL, an attacker can get up to 64kB of the server’s working memory. 34 more words

91c952d31c461416e0b13068b4096f98

DHS issues Heartbleed statement as CloudFlare suggests it might be just a pinprick

Governments are starting to respond to the Heartbleed bug that has captured the Internet’s attention for much of the last week. The United States Department of Homeland Security has… 1,064 more words

Tech

The heartbleed bug shows how fragile the volunteer-run internet can be

Matthew Prince, CEO of the online security company CloudFlare, watched his company’s top cryptographer turn “white as a ghost” after learning about a bug in the essential infrastructure of the internet last week. 671 more words