Category Archives : InfoSec-Reads


Shellshock

Overview: Your system is probably vulnerable if you have not updated it since Tuesday, Sep 30 2014, 1:32PM EST. A remote code execution vulnerability named “Shellshock” has been found in Bash. Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote […]


POODLE SSL Vulnerability – The End of Life for SSL 3.0

Overview: The recently disclosed protocol flaw in SSLv3, referred to as CVE-2014-3566 or the POODLE attack (which stands for Padding Oracle On Downgraded Legacy Encryption), could expose some deployments that support SSLv3 to a risk of an active Man in the Middle (MITM) attack. A successful attack could lead to the disclosure of the information that […]


Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some […]
