Red Hat Security Blog: October 2014 archives
-
Can SSL 3.0 be fixed? An analysis of the POODLE attack.
SSL and TLS are cryptographic protocols which allow users to securely communicate over the Internet. Their development history is no different from other standards on the Internet. Security flaws were found with older versions and other improvements were required as technology progressed (for example elliptic curve cryptography or ECC), which led to the creation of newer versions of the protocol. It is easier to write newer standards, and maybe even implement them in code, than to adapt... -
The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities.
Red Hat Product Security track lots of data about every vulnerability affecting every Red Hat product. We make all this data available on our Measurement page and from time to time write various blog posts and reports about interesting metrics or trends. One metric we've not written about since 2009 is the source of the vulnerabilities we fix. We want to answer the question of how did Red Hat Product Security first hear about each vulnerability? Every vulnerability that affects a Red Hat...