GnuTLS Bug Part 3: You Always Need to Patch New Cloud Servers
Mar 24, 2014
Or at least you have no way of really knowing that you don’t need a patch until you check this particular server very carefully. Last week and the week before I warned you about the GnuTLS bug. By now you must have all your in-house systems patched, right? Right? Amazon Web Service’s EC2 provides you […]
GnuTLS Bug Part 2: What Components Were At Risk?
Mar 17, 2014
A week ago I warned you about the GnuTLS bug. You have patched your systems, right? This is big, and it’s hard to say just how big it really is. A lot of network clients and servers need to use SSL/TLS, but they can call on libraries from various sources. They might be compiled in […]
GnuTLS Bug Puts Network Communications at Risk
Mar 10, 2014
A week ago Apple reported the goto fail bug, a logical coding error in the Mac OS X and iOS implementations of a TLS shared library. Yes, it really happened at a goto statement jumping execution to a code block handling failure. This week the open-source community had egg on its crowd-sourced face as we […]
Want Safe Cloud-Based E-Mail? I’m Avoiding Web Mail.
Jan 13, 2014
I was reminded of some cloud security issues recently while helping family restore their e-mail connectivity. Where they live, Frontier is pretty much the only practical choice for landline phones plus high-speed Internet. Their performance is quite good, and I have found them to have the most technically savvy customer service of any major provider […]
Why Must We Still Fear the BEAST, and What Can We Do?
May 7, 2012
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]