Researchers disclosed a critical new SSL vulnerability during one of the biggest security conferences in the world, RSA. DROWN, or Decrypting RSA with Obsolete and Weakened eNcryption, is a vulnerability that allows attackers to gain the public key of servers that still use SSLv2.0. Watch today's video to learn more about it, and make sure to disable SSLv2.0 on all your …
OpenSSL DSA Vulnerability – Daily Security Byte EP. 209
Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today's video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected. (Episode Runtime: 3:17) Direct YouTube Link: https://www.youtube.com/watch?v=I8yBGcTGtqM EPISODE …
Don't Be 'fraid of No GHOST; Glibc Vulnerability
During the blog downtime, observant security practitioners probably read about a serious new vulnerability called GHOST, which affects all Linux-based systems to some extent. I actually covered GHOST already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Let me recap the issue here. GHOST is the name Qualys gave to a newly reported …
How to Neuter POODLE (New SSL Vulnerability)
Surprise, surprise... Researchers have found yet another OpenSSL vulnerability. They've named this one POODLE. Silly name, I know, but at least it stands for something—Padding Oracle On Downgraded Legacy Encryption. In short, POODLE is a protocol-level cryptography flaw in Secure Sockets Layer version 3 (SSLv3), which is one of the many encryption protocols available …
WatchGuard Releases Appliance Updates to Fix OpenSSL Flaws
WatchGuard has released several important updates to software for all product lines over the past couple of weeks to address reported vulnerabilities. Last month the OpenSSL team released an update for their popular SSL/TLS package, which fixes six security vulnerabilities in their product, including a relatively serious Man-in-the-Middle (MitM) flaw. More details about these …