SSL Labs: New Grades for Trust (T) and Mismatch (M) Issues
June 17, 2014
In the 1.10.x code branch of SSL Labs, which was deployed to production last week, we made a change in how we handle assessments with trust issues. ...
SSL Pulse: 49% Vulnerable to CVE-2014-0224, 14% Exploitable
June 13, 2014
Last week (on June 5th), OpenSSL published an advisory detailing a number of serious problems. The CVE-2014-0224 vulnerability will be the most ...
SSL Labs Test for the Heartbleed Attack
April 8, 2014
Heartbleed is a name for a critical vulnerability in OpenSSL, a very widely deployed SSL/TLS stack. A coding error had been made in the OpenSSL 1.0.1 ...
HTTPS Mixed Content: Still the Easiest Way to Break SSL
March 19, 2014
Mixed content issues arise when web sites deliver their pages over HTTPS, but allow some of the resources to be delivered in plaintext. The active ...
MediaWiki DjVu and PDF File Upload Remote Code Execution Vulnerability (CVE-2014-1610)
February 27, 2014
Recently, news about an exploit targeting MediaWiki, the software that powers large-scale websites such as Wikipedia, was made available. What makes ...