StoryStream

Heartbleed: the bug that put the internet on high alert

In the spring of 2014, the internet was rocked by what security researchers are calling a "catastrophically bad" bug. Known by the dramatic name Heartbleed, the bug left the widely-used, open source OpenSSL protocol vulnerable to attacks that could put servers' private encryption keys into the hands of hackers. Major sites like Yahoo, Imgur, Flickr, LastPass, and countless others were left...

Hacker successfully uses Heartbleed to retrieve private security keys

This morning, content distribution network Cloudflare gave some hope to those affected by the Heartbleed security flaw with an announcement that the bug might not be as bad as feared. In two weeks of testing, Cloudflare said, its researchers failed to exploit the bug to steal a website's private SSL keys, which secures the data sent to users. It issued a challenge to white-hat hackers to successfully retrieve the private security keys — and unfortunately for the web, one of them succeeded.

The hacker, Node.js team member Fedor Indutny, claimed on Twitter that he'd tracked down the SSL keys.

Bad news for the web

Twitter.com adds pop-up notifications for new favorites, followers, and more

As part of its ongoing effort to reassure Twitter users that their tweets are actually being read, Twitter is rolling out in-browser notifications for visitors of Twitter.com. Over the next few weeks, logged-in users of the site will begin getting pings for replies, favorites, and retweets. You can also change your settings to receive notifications for direct messages and new followers. And the notifications are interactive, letting you reply, favorite, retweet, and follow from the...


Smile for the selfie-taking mirror

Society can't stop coming up with new ways to take selfies. The SELFIE, which is short for "Self Enhancing Live Feed Image Engine," is a two-way mirror that will capture your selfies for you with the help of a Mac Mini, a webcam and...

Report

How do you fix two-thirds of the web in secret?

When word of the Heartbleed bug first came out, news spread like a fire alarm — but it didn’t spread evenly. The vulnerability was spread across as many as two out of every three servers, which made a standard disclosure impossible. Some companies like Facebook got the news early, either from Google or OpenSSL itself, and were already patched when Monday’s news broke. Others, like Amazon and Yahoo, were left scrambling to protect...

'Trivial' mistake that caused Heartbleed crisis highlights fragility of the web

The "Heartbleed" flaw that has turned internet security upside down was added to the open-source OpenSSL protocol on New Year's Eve 2011, experts now believe. It was entered by one man — German software developer Robin Seggelmann — and a subsequent review failed to pick up on the catastrophic coding error Seggelmann had made. "In one of the new features, unfortunately, I missed validating a variable containing a length," he told the S...

X
Log In Sign Up

forgot?
Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

Spinner

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5345_tracker