Today, Juliano Rizzo and Thai Duong presented a new attack on TLS <= 1.0 at the Ekoparty security conference in Buenos Aires.
A while ago, I wrote up a description of what needs to be done to get Tor to be IPv6-compliant and sent it to the tor-dev mailinglist.
There's a new buffer overflow vulnerability in versions of OpenSSL from 0.9.8f through 0.9.8o, and 1.0.0 through 1.0.0a.
Hi! I recently wrote up a status report for the progress we're making on hacking Libevent, and I thought I'd post it here too.
As of 7 January, we're down to 0 issues on Coverity Scan. This is great news!