Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Posts Tagged ‘openssl’


CVE-2015-1793: OpenSSL Alternative Chains Certificate Forgery

Posted July 9, 2015    BeyondTrust Research Team

This morning The OpenSSL team released a security advisory stating that the latest versions of OpenSSL contain a severe vulnerability which can allow an attacker to bypass certain certificate validation checks, enabling them to issue an invalid certificate.


Heartbleed – When OpenSSL Breaks Your Heart

Posted April 8, 2014    BeyondTrust Research Team

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

, , ,