Tuesday, April 23, 2024
Search
English
Optical Storage
Graphics Cards
General Computing
PC Parts
Digital Cameras
Consumer Electronics
Games
Mobiles
All News Categories
Older News
Optical Storage
Graphics Cards
General Computing
PC Parts
Digital Cameras
Consumer Electronics
Games
Cooling Systems
Mobiles
Software Reviews
Reviews Around the Web
Technology Previews
Essays
Interviews
Tech Views
Glossary
FAQ
Guides/How-To's
Firmware
Drivers
BIOS
Software
Media Tests
Drive Comparisons
DVD Media Formats
All Forums
Become Member
Today's Posts
Popular Topics
In-House
Optical Storage
Optical Storage Software
General
Consumer Electronics
Other
News Around The Web
Advertise
Links
Jobs
Site Map
News/Reviews Feed
Submit News
Polls
Competitions
Users' Privacy
Contact Us
About
Home
|
News
|
Reviews
|
Articles
|
Guides
|
Download
|
Expert Area
|
Forum
|
Site Info
Wednesday, April 9, 2014
OpenSSL Cryptographic Bug Poses Threats User Data
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail:
* Required!
Recipient (e-mail):
*
Subject:
*
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
Message Text:
A newly discovered bug in in the popular OpenSSL cryptographic software library has made data on many of the world's major websites vulnerable to theft by hackers.
The so-called "Heartbleed Bug" allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The vulnerability could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.
The U.S. government's Department of Homeland Security has already advised businesses to review their servers to see if they were using vulnerable versions a type of OpenSSL. A fixed OpenSSL has been released and now it has to be deployed.
The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
Status of different versions of the OpenSSL:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
Security experts estimate that hundreds of thousands of web and email servers around the globe need to be patched as soon as possible to protect them from attack by hackers.
And according to a recent report from the Arstechnica.com web site, Security researcher Mark Loman was able to extract data from Yahoo Mail servers by using a free tool.
Tweet
Home
|
News
|
All News
|
Reviews
|
Articles
|
Guides
|
Download
|
Expert Area
|
Forum
|
Site Info
Site best viewed at 1024x768+ -
CDRINFO.COM
1998-2024 - All rights reserved
-
Privacy policy
-
Contact Us
.