Highlights and Updates

IETF working group confirming consensus on removing RSA key transport from TLS 1.3

Wednesday, 7th May 2014
The IETF working group responsible for the TLS 1.3 standard is confirming a consensus to remove RSA key transport cipher suites from TLS 1.3 and to use Diffie-Hellman Exchange or Elliptic Curve Diffie-Hellman Exchange instead.

Syrian Electronic Army hijacks a Wall Street Journal Twitter account

Tuesday, 6th May 2014
The Wall Street Journal's Twitter account has just been hijacked by the Syrian Electronic Army and used to poke fun at an American security expert.

Dropbox patches shared links security flaw

Tuesday, 6th May 2014
Dropbox has now patched a security vulnerability which could give third parties access to server data without authorization.

Apple preparing fix for iOS 7 mail attachment bug

Tuesday, 6th May 2014
Apple acknowledged a bug in iOS that leaves email attachments vulnerable and has committed to fixing it. Luckily the bug is difficult to exploit and doesn't affect iPhone 4s and later devices running iOS 7.1.

Facebook introduces anonymous login

Monday, 5th May 2014
Facebook has announced the availability of an anonymous login feature, allowing users to log into apps without sharing any personal information, along with a new version of Facebook Login with better privacy controls.


PHP releases new version that fixes multiple security flaws including Heartbleed

Monday, 5th May 2014
The maintainers of PHP have released two new versions of the scripting language, version 5.4.28 and version 5.5.12. Both contain a fix for the OpenSSL Heartbleed vulnerability as well as important fixes for over a dozen other vulnerabilities.

Microsoft has Released a Security Update for the Critical Internet Explorer Vulnerability, Includes XP Users as well

Friday, 2nd May 2014
Microsoft has released out-of-band updates to address the critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP.

Apache Struts 2.3.16.2 Released to Fix Two Critical Vulnerabilities

Wednesday, 30th April 2014
Version 2.3.16.2 fixes two critical vulnerabilities that can allow Remote Code Execution via ClassLoader manipulation, and DoS attacks.
All Struts 2 developers are strongly advised to update their installations to this version as soon as possible. 

Mozilla Releases Security Updates for Firefox, Thunderbird, and SeaMonkey

Wednesday, 30th April 2014
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Siemens patches Heartbleed vulnerability in SCADA systems and eLAN products

Wednesday, 30th April 2014
Siemens has released security updates that fix the Heartbleed vulnerability in its eLAN products and its WinCC OA SCADA software. Siemens is still preparing updates for its other products that have the Heartbleed vulnerability.