Saturday, April 18, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung Logo Removed From Japanese Smartphones
Google Is Getting Serious With Project Loon
New Technology Can Track Detailed Hand Motion
Office Universal apps Coming Next Month On Windows 10 for Phones
FCC Makes 150 MHz Of Contiguous Spectrum Available To Telecom Companies
Google Extends Chrome Support For Windows XP
ASUS X99 and Z97 Motherboards Now Support NVM Express Devices
AMD Reports Loss, Exits From High-density Server Business
Active Discussions
Help make DVDInfoPro better with dvdinfomantis!!!
Question about nero
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
cdrw trouble
Need serious help!!!!
burning
 Home > News > General Computing > OpenSSL...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, April 09, 2014
OpenSSL Cryptographic Bug Poses Threats User Data


A newly discovered bug in in the popular OpenSSL cryptographic software library has made data on many of the world's major websites vulnerable to theft by hackers.

The so-called "Heartbleed Bug" allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The vulnerability could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.

The U.S. government's Department of Homeland Security has already advised businesses to review their servers to see if they were using vulnerable versions a type of OpenSSL. A fixed OpenSSL has been released and now it has to be deployed.

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Status of different versions of the OpenSSL:

- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable

Security experts estimate that hundreds of thousands of web and email servers around the globe need to be patched as soon as possible to protect them from attack by hackers.

And according to a recent report from the Arstechnica.com web site, Security researcher Mark Loman was able to extract data from Yahoo Mail servers by using a free tool.




Previous
Next
HyperX Releases The FURY Memory Line For Overclockers        All News        New Asus ESC4000 G2S Series HPC GPU Servers For Intel Xeon Processors
Facebook To Show Bigger Ads     General Computing News      Lenovo, Tencent To offer XP Tech support in China

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .