Earlier, only businesses that dealt with confidential information such as credit card or online transactions, were bothered about their website security.
But with most advanced browsers now making HTTPS mandatory, and even Google considering it as a parameter for website ranking, every website is now getting an SSL certificate. (more…)
With most businesses moving online, internet security has become a crucial aspect. Vulnerabilities are being exposed so constantly in the web world that any day you can wake up to a new exploit or a hack.
To be on the safer side and to protect the data and transactions from attackers, all server owners have secure protocols such as SSL or TLS installed in their servers.
Early today (3rd May 2016), OpenSSL released patches for two high severity bugs, and 4 low severity ones. The first bug, CVE-2016-2108 is a Memory corruption vulnerability, which could allow an attacker to crash a service or even execute malicious code.
The second bug, CVE-2016-2107 is a Padding oracle vulnerability, which could be used for Man-In-The-Middle (MITM) attacks to steal encrypted login passwords. (more…)