Forum Sentry by Forum Systems was the only API gateway safe from the Heartbleed OpenSSL cryptographic vulnerability
Forum Systems now available to the UK channel through ASM Technologies
Forum Sentry is the first API gateway to achieve international security certification …
Heartbleed
Forum Systems CEO featured in CIO Article on Heartbleed
Mamoon Yunus, Forum Systems CEO, was recently featured in Why Open Source Software Isn’t as Secure as You Think by Paul Rubens. The article dives into the potential issues with using open source code to manage secure information traffic, and talks …
Six New OpenSSL Security Vulnerabilities Discovered Since Heartbleed
In a recent security advisory from June 5th, 2014, six new vulnerabilities were disclosed on OpenSSL’s website. It’s important that these new OpenSSL flaws are being discovered quickly and getting fixed. But these new discoveries are indicative of other potential …
OpenSSL is Fṓṝked
The flensing began rather quickly with the OpenBSD team cleaning up 90,000 lines of code within a week of Heartbleed. OpenSSL then got royally fṓṝked by OpenBSD and LibreSSL was born. The divergence between OpenSSL and LibreSSL continues while OpenSSL …
How Java™ Could Have Prevented Heartbleed
OpenSSL continues to cast a shadow over the IT industry’s poor choice of programming languages for developing secure software. Niels Ferguson and Bruce Schneier’s mantra, that using a programming language without protection against buffer overflows is tantamount to criminal negligence, …
5 Questions to Ask your Load Balancer Vendor
Heartbleed, the recent security flaw found in OpenSSL, is just one of many flaws discovered in this open source code base. Many load balancer providers have bolted on OpenSSL to manage SSL traffic through their product. Here are five questions …
Load balancers that use OpenSSL
A list of market-leading load balancers that use OpenSSL to protect HTTP and FTP traffic includes F5, Citrix, Radware, Riverbed, and Barracuda. Load balancers spread traffic amongst multiple servers and enable high availability for business transactions. They serve as a central conduit for critical business transactions. The load balancer vendors have done a good job in patching their products to prevent the latest OpenSSL vulnerability: Heartbleed. …
Heartbleed exposes privates
This is as serious as it gets. Heartbleed exposes your corporate private keys. Your crown jewels, your keys to the castle… well, you get the idea. Your corporate privates are indeed exposed; they may not have been stolen yet, but they are unequivocally exposed through Heartbleed. It took researchers less than 3 hours to extract private keys from a server as a result of a challenge issued by CloudFlare. …
OpenSSL Security Vulnerabilities and other C-based Risks
The latest Heartbleed OpenSSL vulnerability (CVE-2014-0160) is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. …
Predictions from 2002-2003: Heartbleed = Criminal Negligence
Here is an archived document that Forum Systems published in 2002-2003 while architecting a secure XML gateway. We would like you to read this article to understand the importance of a security-first approach while interacting with users and systems, especially outside your enterprise boundary. …