Backstage Blog

RSS logo

You're browsing posts of the category Security

Taking Our Bug Bounty Program Public

April 18th, 2019 by Tobias Schmidt

We’re excited to announce the launch of our public bug bounty program with Bugcrowd — the #1 crowdsourced security platform. This public program is open to Bugcrowd’s full crowd of top, trusted whitehat hackers, and we will award up to $1,500 per vulnerability identified on our website, API, and mobile apps.

Read more…

Security update: Heartbleed vulnerability in OpenSSL

April 11th, 2014 by Astera Schneeweisz
Heartbleed

On Monday, April 7th, 2014, a major security vulnerability in OpenSSL was made public. The vulnerability was filed as CVE-2014-0160 and later dubbed “Heartbleed”, because the bug lies within OpenSSL’s heartbeat extension, which is used for keepalive monitoring. As a result of the bug, process memory can be read out remotely by an attacker—potentially including certificates, keys, credentials, tokens, or other sensitive data processed by the server.

OpenSSL works as a cryptographic library that allows for authenticity and confidentiality across the entire Internet. Because the reported Heartbleed bug affects a vast number of internet services using OpenSSL to secure their services (such as HTTPS, SMTP, IMAPS, and POP3), a patched OpenSSL version was released

Read more…