The Weekly Ink #1
The Weekly Ink is a summary of the top security content of the week injected with our own pointed opinions, and will be posted to our blog...well, weekly.
Jon is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes "30 under 30" list for his mobile security hijinks.
The most severe of the handful of OpenSSL vulnerabilities patched in 1.0.1h can be exploited by a man-in-the-middle adversary to decrypt traffic between a vulnerable client and server.
Our second post in a mini-series on the Heartbleed vulnerability details some of the defense-in-depth techniques we've had in place for years that helped mitigate its impact.
While the initial concern about Heartbleed focused on the exposure of confidential data and private key material, security researchers quickly realized a more insidious attack was possible: remote session hijacking.
> We recently discovered a vulnerability in our duo_wordpress plugin, employed by users to protect their WordPress blogs and sites with our two-factor authentication service.