Link

LibreSSL is the project name for OpenBSD’s fork of OpenSSL. The commit messages to the project are hilarious. The code they are removing is not.

Link

An eventually consistent database is not a good idea for banking.

Link

Heartbleed is turning into Risk Management Theater. Everyone is claiming they have the best solution and fixes, but really end up looking like fools.

Link

Right on cue. Who didn’t see this coming?

Link

Great job by WhiteHat to add this check to their product offering so quickly. I don’t see any of their competitors doing the same. Yet another reason why point-in-time checks are not good enough.

Link

I took some time to write up all the security-related efforts at Wiredrive. We have been quite busy being vigilant across the entire organization.

Link

Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Link

Validate any service you use against Qualys. If they don’t get an A, tell them to upgrade.

Link

The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by OpenSSL software. Wiredrive has patched all servers and installed new SSL keys.

All customers should change their passwords as an added precaution.

Link

Good find by Incapsula. Remember to always filter inputs, no matter the source.