GnuTLS Bug Part 3: You Always Need to Patch New Cloud Servers
Mar 24, 2014
Or at least you have no way of really knowing that you don’t need a patch until you check this particular server very carefully. Last week and the week before I warned you about the GnuTLS bug. By now you must have all your in-house systems patched, right? Right? Amazon Web Services’ EC2 provides you […]
GnuTLS Bug Part 2: What Components Were At Risk?
Mar 17, 2014
A week ago I warned you about the GnuTLS bug. You have patched your systems, right? This is big, and it’s hard to say just how big it really is. A lot of network clients and servers need to use SSL/TLS, but they can call on libraries from various sources. They might be compiled in […]
GnuTLS Bug Puts Network Communications at Risk
Mar 10, 2014
A week ago Apple reported the goto fail bug, a logical coding error in the Mac OS X and iOS implementations of a TLS shared library. Yes, it really happened at a goto statement jumping execution to a code block handling failure. This week the open-source community had egg on its crowd-sourced face as we […]
What is the Most Dangerous Code in the World?
Apr 23, 2013
It seems to be the software that we’re all relying on to protect our financial transactions and other critical network communications. One of the main points of the first chapter of Learning Tree’s Cloud Security Essentials course is that it is very difficult to design and implement secure software. The course demonstrates this with a […]