When talking DDoS, most of the people that aren’t afraid to use words like DNS or ICMP, are left with the impression that DDoS is a simple, yet pesky activity. In fact, this is hardly the case. Although compared to some forms of cyber-attacks, Denial of Service attacks are very straight forward, being a true DDoS master is miles away from the thousands of self-proclaimed hackers. Most of the DDoS-ers are actually script-kiddies and wannabe hackers just downloading and using bots, toolkits and scripts created by true masterminds. When it comes to innovation and the abuse of new intrusion vectors, it is clear who runs the parade.
ORIGINAL POST

A Shaggy POODLE Story With a Sad End

Encryption has always been a sensitive subject to people dealing with valuable information, which is also true for most Internet users as they have at least some personal information if not sensitive banking data stored online. When the news of the Heartbleed bug hit the online community people were shocked but nothing could prepare them for the barrage of vulnerabilities in the OpenSSL library that followed. Now we present to you the latest in a long line of bugs and weaknesses in SSL – the POODLE bug.
ORIGINAL POST

Shellshock – Another Bug to Rattle the Cage

Since the beginning of this year some of the most epic and significant vulnerabilities have been discovered. The online community was shocked when the first news of Heartbleed came out and that the bug was around for more than four years. And just when we thought that nothing could surprise us anymore the Shellshock family of bugs was discovered. What is even more terrifying here is that analysis of the source code history suggest that this bug has been around since 1992.
ORIGINAL POST

Probing the Trustworthiness of Encryption Continues

The process of scrutinizing the OpenSSL source code, which began with the discovery of the Heart Bleed vulnerability, is continuing and picking up speed. As we previously foretold, professionals around the world have turned their heads to the encryption library, to better the way we keep our information safe. This is why, new vulnerabilities are bound to be discovered. A fresh example of that, are the new vulnerabilities found just a day ago. The large number of nine new weaknesses, may frighten you at first, but what it really means is that much is done to patch the leaks and improve the user experience of the encryption library.
ORIGINAL POST

Attention Banks: Customer Confidence is in Your Hands!

Not long ago, the FFIEC released a statement aiming to give the heads up about the ever-so-popular use of Distributed Denial of Service attacks against financial institutions. The fact that for the first time a financial governing body is addressing cyber security in such a manner, is an indication of the growing risks and concerns over the rising number and frequency of cyberattacks.
ORIGINAL POST

Stay Tuned For More Trouble With SSL

After the notorious Heartbleed vulnerability was found, researchers and programmers worldwide are turning their heads to the OpenSSL encryption library source code. The numerous close examinations conducted by specialists in the field, revealed that OpenSSL is far from perfect and that there are more unexpected weak points to be discovered in the future. The first one to come after Heartbleed is the new SSL/TLS vulnerability.
ORIGINAL POST

Heartbleed Bug Exploits SSL

Recently a serious Bug has been discovered that exploits a vulnerability in the OpenSSL cryptographic software library. The Bug poses a great threat to internet security as a whole because it allows an attacker to access chunks of memory on a server, thus gaining access to valuable information. The bug is called Heartbleed and has left large amounts of user data and private keys exposed on servers using the vulnerable OpenSSL versions.
ORIGINAL POST