Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

Posted by BernardSwiss on Apr 8, 2014 10:14 AM EDT
Ars Technica; By Dan Goodin
Mail this story
Print this story

The warning about the bug in OpenSSL coincided with the release of version 1.0.1g of the open-source program, which is the default cryptographic library used in the Apache and nginx Web server applications, as well as a wide variety of operating systems and e-mail and instant-messaging clients. The bug, which has resided in production versions of OpenSSL for more than two years, could make it possible for people to recover the private encryption key at the heart of the digital certificates used to authenticate Internet servers and to encrypt data traveling between them and end users. Attacks leave no traces in server logs, so there's no way of knowing if the bug has been actively exploited.

Full Story

» Read more about: Story Type: News Story, Security

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.