New OpenSSL breach is no Heartbleed, but needs to be taken seriously

    Date06 Jun 2014
    CategoryLatest News
    Posted ByDave Wreski
    It's been a bad week for open-source Secure Socket Layer (SSL) programs. First, the obscure, GnuTLS was revealed to have a trivial but damning flaw. Then, the massively popular OpenSSL was found to have a man-in-the-middle vulnerability. After the Heartbleed fiasco, OpenSSL needed this like a hole in the head. This vulnerability, according to Adam Langley, a senior staff software engineer at Google, has been around for at least 15 years. It's a pity the Core Infrastructure Initiative (CII) riding to OpenSSL's rescue with more developer funding didn't happen any sooner than it did.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).


    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.