Friday, October 31, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Pirate Bay Co-founder Sentenced To 42 Months Imprisonment
SEL Showcases 1058ppi And Foldable OLED Displays
New Outlook for Mac Available Now, Office for Mac Coming In 2015
Updated BBM Offers More Privacy, Control and More
Panasonic Raises Profit Outlook
Toshiba Offers New 4TB and 5TB Desktop HDDs
Samsung Introduces New Ultra Slim Galaxy A5 and Galaxy A3 Smartphones For The Chinese Market
Sharp 2Q Profit Slides
Active Discussions
DVD/DL for Optiarc 7191S at 8X
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
 Home > News > General Computing > OpenSSL...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, April 09, 2014
OpenSSL Cryptographic Bug Poses Threats User Data


A newly discovered bug in in the popular OpenSSL cryptographic software library has made data on many of the world's major websites vulnerable to theft by hackers.

The so-called "Heartbleed Bug" allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The vulnerability could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.

The U.S. government's Department of Homeland Security has already advised businesses to review their servers to see if they were using vulnerable versions a type of OpenSSL. A fixed OpenSSL has been released and now it has to be deployed.

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Status of different versions of the OpenSSL:

- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable

Security experts estimate that hundreds of thousands of web and email servers around the globe need to be patched as soon as possible to protect them from attack by hackers.

And according to a recent report from the Arstechnica.com web site, Security researcher Mark Loman was able to extract data from Yahoo Mail servers by using a free tool.




Previous
Next
HyperX Releases The FURY Memory Line For Overclockers        All News        New Asus ESC4000 G2S Series HPC GPU Servers For Intel Xeon Processors
Facebook To Show Bigger Ads     General Computing News      Lenovo, Tencent To offer XP Tech support in China

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .