And another OpenSSL security vulnerability

Third time's a charm… Or so they say. The open-source encryption library OpenSSL had its third “major” security vulnerability, which was fixed with a patch available as of November 1, 2022. As per CVE-2022-3786 and CVE-2022-3602, the security vulnerabilities constitute X.509 email address buffer overflows. 8 years ago it was Heartbleed. This security vulnerability was …

Your system or application is definitely insecure, if…

You have a system that has long been out of maintenance. Although you might have applied everything up to the latest available patch and everything’s running smoothly, there is no beating around the bush: Your system is insecure. The software vendors as well as security researchers will have found security vulnerabilities that are getting fixed in higher releases, …

The economics of selling security vulnerabilities – or there is a market for everything

When I studied Economics in the 90s, Gary S. Becker received the Nobel Prize for his extension of the microeconomic analysis to include human behavior and social aspects including marriage, discrimination and for example having sex with your spouse. That raised a few eyebrows back then. Nowadays I am wondering when an economist will publish …

Security Anonymous – the twelve step program :-)

I have long been nagged by colleagues to start a Security Anonymous group. So here is an introduction including a twelve-step program: Need help with a security problem? If you are concerned with a security problem and wish to learn more about Security Anonymous, read on further. Security Anonymous is a self-help group for people …