Tuesday, September 30, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
TSMC and ARM Announce 16nm FinFET Silicon with 64-bit ARM big.LITTLE Technology
Google To Unveil New Music Services
Europe Says Ireland Helped Apple Pay Less Taxes
Pioneer Develops Rearview Mirror Telematics Unit With LTE Connectivity
Intel and Mitsubishi Electric Collaborate to Create Factory Automation Systems
Belkin Announces New Thunderbolt 2 Express Dock HD for Mac and PC Computers
iPhone 6 And iPhone 6 Plus Available in China By October 17
Apple Patches Bash Vulnerability in OS X
Active Discussions
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
 Home > News > General Computing > OpenSSL...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, April 09, 2014
OpenSSL Cryptographic Bug Poses Threats User Data


A newly discovered bug in in the popular OpenSSL cryptographic software library has made data on many of the world's major websites vulnerable to theft by hackers.

The so-called "Heartbleed Bug" allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The vulnerability could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.

The U.S. government's Department of Homeland Security has already advised businesses to review their servers to see if they were using vulnerable versions a type of OpenSSL. A fixed OpenSSL has been released and now it has to be deployed.

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Status of different versions of the OpenSSL:

- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable

Security experts estimate that hundreds of thousands of web and email servers around the globe need to be patched as soon as possible to protect them from attack by hackers.

And according to a recent report from the Arstechnica.com web site, Security researcher Mark Loman was able to extract data from Yahoo Mail servers by using a free tool.




Previous
Next
HyperX Releases The FURY Memory Line For Overclockers        All News        New Asus ESC4000 G2S Series HPC GPU Servers For Intel Xeon Processors
Facebook To Show Bigger Ads     General Computing News      Lenovo, Tencent To offer XP Tech support in China

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .