System News
 1 2 3 4 5 6 7 8 9 10 next
Articles for the keywords: OpenSSL
03 Aug 2017 Oracle, SafeLogic and OpenSSL Partner on Next Generation FIPS Module [65408]
Oracle, August 3th, 2017

Oracle, OpenSSL and SafeLogic today announced a seed investment in developing the next generation open source OpenSSL 1.1 FIPS 140-2 module, and called for others to join the effort. OpenSSL is the most widely used and respected cryptographic library protecting data transfers across computer networks. The Federal Information Processing Standard (FIPS) 140-2 is a joint U.S. and Canadian government security standard for testing cryptographic modules, the objective of which is to ensure the use of strong and validated cryptographic protection in U.S. and Canadian government systems.
(Get More Information . .) open to premium members only

06 Jun 2017 NexentaStor 4.0.5-FP1 [64149]
Nexenta, June 6th 2017

NexentaStor 4.0.5-FP1 delivers fixes to improve stability, scalability, and performance. This Fix Pack builds on the fixes and enhancements previously released in 4.0.5; addresses customer-reported issues, and addresses issues found internally by Nexenta engineering.

Our releases continue to focus on ensuring the highest level of security. We have included fixes for several CVEs and other security issues. See 'Resolved Security Issues in 4.0.5-FP1' table for more information on the security fixes.

NexentaStor 4.0.5-FP1 includes the following upgrades:

  • Upgraded OpenSSL version to 1.0.2k
  • Upgraded Apache version to 2.4.25

NexentaStor 4.0.5-FP1 provides several AutoSync fixes and enhancements.
(Get More Information . .) open to premium members only

18 May 2017 Are VMs More Secure Than Containers? [63479]
Network World, May 18th 2017

"We often say, 'HTTPS is secure,' or 'HTTP is not secure.' But what we mean is that 'HTTPS is hard to snoop and makes man-in-the-middle attacks difficult' or 'my grandmother has no trouble snooping HTTP.'

Nevertheless, HTTPS has been hacked, and under some circumstances, HTTP is secure enough. Furthermore, if I discover an exploitable defect in a common implementation supporting HTTPS (think OpenSSL and Heartbleed), HTTPS can become a hacking gateway until the implementation is corrected.

HTTP and HTTPS are protocols defined in IETF RFCs 7230-7237 and 2828. HTTPS was designed as a secure HTTP, but saying HTTPS is secure and HTTP is not still hides important exceptions.

Virtual machines (VMs) and containers are less rigorously defined, and neither was intentionally designed to be more secure than the other. Therefore, the security issues are still murkier..."
(Get More Information . .) open to premium members only

14 Dec 2016 NexentaStor 4.0.5 [58998]
Nexenta, December 14th, 2016

NexentaStor 4.0.5, Nexenta's latest and greatest maintenance update, is now generally available for online upgrades and download from nexenta.com.

This release further hardens Nexenta's core product and rolls up all Fix Packs and customer specific patches released since 4.0.4 went GA (a bit more than a year ago now). It also includes a number of enhancements, such as:

  • Support for Data At Rest Encryption on Self-Encrypting Drive based configurations
  • Numerous security updates, including update to OpenSSL 1.0.2
  • Support for Intel XL710 40GbE NIC, and X710 10GbE NICs
  • Support for QLogic 16Gbps FC
  • Numerous chassis management additions (e.g. Ericsson HDS8k, Dell MD1280, Amax)
  • and more (see release notes for details)

https://nexenta.com/products/downloads/nexentastor
(Get More Information . .) open to premium members only

20 Jul 2016 Two Years After Heartbleed, An Improved OpenSSL Aims For Government Approval [54556]
FCW, July 20th, 2016

"When the Heartbleed bug was discovered in 2014, federal agencies reported no significant fallout from the OpenSSL vulnerabilities on government websites. But as that vital open-source software library has been revised and strengthened in the two years since, a different problem has emerged: the newer, more secure OpenSSL 1.1 lacks a critical federal validation for cryptographic software.

Using it in federal systems, in fact, would be against the law..."
(Get More Information . .) open to premium members only

 
 1 2 3 4 5 6 7 8 9 10 next






!-- end archive_section.tpl -->