The flensing began rather quickly with the OpenBSD team cleaning up 90,000 lines of code within a week of Heartbleed. OpenSSL then got royally fṓṝked by OpenBSD and LibreSSL was born. The divergence between OpenSSL and LibreSSL continues while OpenSSL … Read More … Read More
News & Events
How Java™ Could Have Prevented Heartbleed
OpenSSL continues to cast a shadow over the IT industry’s poor choice of programming languages for developing secure software. Neils Ferguson and Bruce Schneier’s mantra, that using a programming language without protection against buffer overflows is tantamount to criminal negligence, … Read More … Read More
Blueprint for Heartbleed and OpenSSL Risk Exposure Prevention
Forum Systems to Showcase API and Cloud Security Gateway at Infosecurity Europe Forum Systems Inc. will be showcasing Forum Sentry – its industry-leading API and Cloud Security Gateway – next week at Infosecurity Europe 2014. Europe’s biggest free-to-attend information security … Read More … Read More
Load balancers that use OpenSSL
A list of market leading load balancers that use OpenSSL to protect HTTP and FTP traffic includes F5, Citrix, Radware, Riverbed, and Barracuda. Load balancers spread traffic amongst multiple servers and enable high availability for business transactions. They serve as a central conduit for critical business transactions. The load balancer vendors have done a good job in patching their products to prevent the latest OpenSSL vulnerability: Heartbleed. … Read More
Heartbleed exposes privates
This is as serious as it gets. Heartbleed exposes your corporate private keys. Your crown jewels, your keys to the castle….well you get the idea. Your corporate privates are indeed exposed, they may not have been stolen yet, but they are unequivocally exposed through Heartbleed . It took researches less than 3 hours to extract private keys from a server as a result of a challenge issued by CloudFare. … Read More
OpenSSL Security Vulnerabilities and other C-based Risks
The latest Heartbleed OpenSSL vulnerability (CVE-2014-0160) is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. … Read More
Predictions from 2002-2003: Heartbleed = Criminal Negligence
Here is an archived document that Forum Systems published in 2002-2003 while architecting a secure XML gateway. We would like you to read this article to understand the importance of a security-first approach while interacting with users and systems, especially outside your enterprise boundary. … Read More
How to fix OpenSSL Heartbleed Security Flaw
In this article, we will show you how to fix the OpenSSL Heartbleed security flaw. OpenSSL Heartbleed has been recently discovered by security researchers. This security flaw is as a result of a software bug in the SSL/TLS protocol implementation of the … Read More