Thursday, September 18, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Sony To Offer Unity For PlayStation To PlayStation Licensed Developers
Blackberry Introduces Elegant Porsche Design P9983 Smartphone
Club 3D Launches 4K Docking Station
Logitech Gives You Control of Your Smart Home with the New Harmony Living Home Lineup
New iPads And OS X Yosemite Announcements Expected Next Month
Opera Max Data-savings App to be Embedded into MediaTek's LTE SoCs
Nero 2015 Supports Burning via Smartphone, WiFi Streaming
PMC Delivers 16-port SAS and SATA Storage Controllers
Active Discussions
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
 Home > News > General Computing > OpenSSL...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, April 09, 2014
OpenSSL Cryptographic Bug Poses Threats User Data


A newly discovered bug in in the popular OpenSSL cryptographic software library has made data on many of the world's major websites vulnerable to theft by hackers.

The so-called "Heartbleed Bug" allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The vulnerability could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.

The U.S. government's Department of Homeland Security has already advised businesses to review their servers to see if they were using vulnerable versions a type of OpenSSL. A fixed OpenSSL has been released and now it has to be deployed.

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Status of different versions of the OpenSSL:

- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable

Security experts estimate that hundreds of thousands of web and email servers around the globe need to be patched as soon as possible to protect them from attack by hackers.

And according to a recent report from the Arstechnica.com web site, Security researcher Mark Loman was able to extract data from Yahoo Mail servers by using a free tool.




Previous
Next
HyperX Releases The FURY Memory Line For Overclockers        All News        New Asus ESC4000 G2S Series HPC GPU Servers For Intel Xeon Processors
Facebook To Show Bigger Ads     General Computing News      Lenovo, Tencent To offer XP Tech support in China

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .