-
sustainable #opensource - @tobie starts his story with #heartbleed - how $2k/year under-investment suddenly becomes $500m industry-wide remediation investment #fosdem #community pic.twitter.com/IULb2cH8Nb
-
We are officially on IMDB! Go check us out at https://www.imdb.com/title/tt10023486/ …
#heartbleed #imdb pic.twitter.com/OhnTqd3bkJ
-
Our ACM CACM article on how website administrators (didn't) respond to #Heartbleed is available at last! @CACMmag https://cacm.acm.org/magazines/2018/3/225489-analysis-of-ssl-certificate-reissues-and-revocations-in-the-wake-of-heartbleed/fulltext … For more of our research on Heartbleed and securing online authentication, check out https://securepki.org
-
I say “my money is on APT18” because they weaponized #HeartBleed in 2014 against Juniper SSL VPN devices within 24ish hours of vulnerability disclosure... & they love remote access to enterprise networks without using backdoors (or removing backdoors after gaining access to VPN)
-
What *is* terrifying are important & widely used FOSS projects that don't have the resources and support they need. This is how #Heartbleed happened - a key library that the entire Internet relied on was maintained by four unsupported devs struggling without needed resources.
-
An interesting find. Website and open directory files encrypted with #heartbleed #ransomware with extension d3g1d5. Has interesting directory called #exploit pic.twitter.com/GKVLR2Pj03
-
“Running a large #LightningNetwork node has been quite stressful - An exploit such as we saw with #heartbleed could allow an attacker to drain all funds from the node while I’m sleeping. It’s time to end the experiment,” Brekken concludes. https://news.bitcoin.com/a-look-at-what-it-was-like-to-operate-the-lightning-networks-largest-node/ …
-
One of the challenges today in blockchain & cryptographic security is the “free rider” problem where large organizations benefit hugely from the efforts of a few critical open source cryptographic developers, but do not fully support them. This led to events like #Heartbleed …
-
We’ve had a great time shooting for Heartbleed in the last three days, got plenty of scenes filmed with great performances from our talented actors. Brilliant work from the crew too who have worked very hard and have been very dedicated.
#goteam #heartbleed pic.twitter.com/XjAfx1ksZr
-
Publishing security advisories on updating broken OpenSSL versions did not help much. Only when #heartbleed happened people started updating the software. Lesson: get a logo! #SuRI18 pic.twitter.com/H1vsZOdFvE
-
#ieeesecdev TaintCrypt: Static analysis for cryptographic property enforcement https://s3.amazonaws.com/cybersec-prod/secdev/wp-content/uploads/2017/06/26173848/Program-Analysis-of-Cryptographic-Implementations-for-Security.pdf … [Clang, LLVM, found #heartbleed; paper http://people.cs.vt.edu/danfeng/papers/Crypto-Program-Analysis-SecDev-2017-Yao.pdf …; proto-tool https://github.com/franchiotta/taintchecker …] pic.twitter.com/aJYdQUE7cs
-
Besides #heartbleed, are there actually any other exploitable irl #SSL/#TLS vulnerabilities, most if not all seem to be #MITM with no actionable exploits. Enlighten me twitter please
-
#Heartbleed #vulnerability was introduced into OpenSSL crypto library, 2012. Discovered & #fixed 2014, yet 5 yrs later still remain unpatched systems!! #CyberAware #cyberexposure #threatlandscape #malicious #exploit #Cybersecurity #protection @CiaSecure https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/?utm_source=hs_email&utm_medium=email&utm_content=76804206&_hsenc=p2ANqtz-_h8IjJZbRWNVwu5-uyKsbMCs1UlviLDq3i8XY1GiIRyWX4SS674BknYNAaWKN-fDYrvsHuS93dl_2HztoU5dNQ1IK9vw&_hsmi=76804206 …
-
"Dear
#DevSecOps: sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y" Don't forget you can also automate the simple stuff. https://buff.ly/2NhviTZ #heartbleed
-
Five and a half years ago, #Heartbleed exposed just how fragile Internet security can be. Today's first Tale from the Crypt(o) team explains why it's still not completely solved, and what we're doing to protect against those types of vulnerabilities. https://blog.cloudflare.com/going-keyless-everywhere …
-
This resulted in a performance penalty in TLS negotiations due to the marshaling back and forth that Apache did not have. This seriously hurt IIS adoption and favored Apache. Later Apache and most things based on OpenSSL were impacted by #HeartBleed (http://heartbleed.com/)
-
There is a problem - Black swan events continue to consume our digital infrastructure.

Take the #Heartbleed bug. OpenSSL the web’s encryption. But the OpenSSL foundation was operating on a budget of less than $2k in donations and < a $1m in contract rev.
/4 pic.twitter.com/Ts948DLN27
-
Thanks @errbufferoverfl for bringing some #heartbleed in our lives
seriously, great content and just the right amount! @0xCC_sh #exploit #Infosec #python pic.twitter.com/KMRwRclmcK
-
#Heartbleed, #shellshock, and #poodle all made our list of top #vulnerabilities of the decade https://hubs.ly/H0jTFXS0