All Posts

2 posts

What You Need to Know About the Upcoming Leap Second

This week the International Earth Rotation and Reference System Service announced they will add a leap second to Coordinated Universal Time (UTC) on June 30, 2015 at 23:59:60 UTC.  Qualys has completed our assessment of the Qualys Cloud Platform and its sensors (scanners), and we do not expect any impact or adverse effect.

The International Earth Rotation and Reference System Service (IERS) is a worldwide organization based in Paris, France that observes the Earth’s rotation irregularities and compares it to atomic time. When the difference between the Earth rotation and atomic time becomes greater than 0.9 seconds, they order a leap second to be added worldwide. Since 1972 a total of 25 leap seconds have been added, and the one scheduled for June 30, 2015 is the 26th.

Continue reading …

Addressing CVE-2015-0204 FREAK with Qualys VM

This past year we have seen an overwhelming interest in SSL library exploits, and FREAK or "Factoring RSA EXPORT Keys" is another one. The full impact is yet to be known as the flaw was baked in the development of secure web communications, so browsers, web clients and hosts would negotiate the strongest encryption “allowed,” falling back to weaker, “export” protocols as required. The most updated list of browsers appears to include: Internet Explorer, Chrome on Mac OS and Android, Safari on Mac OS and iOS, Blackberry Browser, and Opera on Mac OS and Linux.

Continue reading …