Displaying items by tag: Theo de Raadt

The OpenSSL Project has released fixes for two vulnerabilities in the open-source cryptographic library, with the severity of both rated "high". The accompanying documentation has justified the advice of British security expert Kevin Beaumont not to get carried away by hype over the expected announcement, as iTWire reported.

British security researcher Kevin Beaumont has played down the hype over a recent announcement about a critical flaw in the open-source cryptographic library OpenSSL from Red Hat Linux. The advisory is due on 1 November.

The OpenSSL project, an open-source cryptographic library, has released a fix for a serious vulnerability present in versions 1.0.2, 1.1.1 and 3.0.

The open-source OpenSSL project has released an updated version of its software, 1.1.1k, to fix two vulnerabilities, the severity of both of which has been described as "high".

The release of version 2.0.0 by the OpenZFS project has some crowing as though some revolutionary new software, which will bring benefits to world+dog, has landed.

The OpenSSH project has implemented changes in its implementation of secure shell to guard against speculative execution and memory side-channel attacks — Spectre, Meltdown, Rowhammer and RAMBleed — developer Damien Miller says.

The head of the OpenBSD project, Theo de Raadt, has warned that more flaws related to speculative execution in Intel CPUs are likely to be found and that the two vulnerabilities found by Intel, as a result of examining the Foreshadow bug — found by two independent teams — are cause for much worry.

Processor giant Intel says that a new vulnerability in its CPUs, known as TLBleed, is not caused by speculative execution and hence not related to Spectre and Meltdown, two flaws which were disclosed in January.

Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says.

The OpenBSD project, which produces an UNIX-like operating system of the same name, has decided to disable support for hyperthreading for Intel processors as it could lead to data leaks in a manner similar to that caused by the Spectre flaws in Intel processors announced earlier this year.

Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

Disclosure of the Meltdown and Spectre vulnerabilities, which affect mainly Intel CPUs, was handled "in an incredibly bad way" by both Intel and Google, the leader of the OpenBSD project Theo de Raadt claims.

The OpenSSL project is seeking to go ahead with a change of licence to the Apache Licence Version 2.0 but the way it is doing so appears to have riled up some contributors.

The worst thing about a distributed denial of service attack is not the attack itself. Rather, it is the slew of bottom-feeders who appear on the horizon after the deed and try to profit from the misery of others.

The OpenBSD project has marked two decades since commits were first made to the source tree with the release of version 5.8 - and four songs to mark the release, three inspired by the Beatles.

Linus Torvalds didn't use words half as lyrical as those of the immortal Beatles when he first announced the arrival of Linux 20 years ago (for those who don't know, the headline for this article is taken from the famous album, Sergeant Pepper's Lonely Hearts Club Band, released by the band in 1967).

The security company NETSEC was "probably contracted to write backdoors as alleged," the founder of the OpenBSD project, Theo de Raadt, said in a message posted to the openbsd-tech mailing list on Tuesday.

The OpenBSD project has found two bugs during an audit of the cryptographic code in which, it has been alleged, the FBI, through former developers, was able to plant backdoors.

Two developers named as having played a role in creating backdoors for the FBI in the open cryptographic framework used in OpenBSD have denied they did so.