You might have already heard about the Heartbleed bug, it was so massive everyone who implemented OpenSSL had to quickly fix it and asked their user to change the passwords, including Google, Facebook and others.
Yesterday, new vulnerability was found in OpenSSL, this bug could lead to an attacker on the same network to steal the decrypt data such as passwords and credit card numbers.
Researchers says that is bug is not as bad as the Heartbleed bug because, in order to exploit this new but, attacker should be on the same network as you are. This is a problem for public networks such as free Wi-Fi on restaurants and coffee shops. But on your home or office, this is usually not possible.
Another point about this bug is, that unlike Heartbleed, both server and client has to run vulnerable version of OpenSSL in order to carry on the attack.
OpenSSL is an open sourced encryption library used in server – client transactions that uses SSL and TSL protocols. The project is managed by worldwide community and are updated in fast phase.
Soruce: Neowin
No comments :
Post a Comment