Leave a comment

Heartbleed II: This security hole has been wide open for 16 years

Heartbleed II: This security hole has been wide open for 16 years
Lepidum

What made the Heartbleed security bug so dangerous?

Heartbleed affected OpenSSL, the most widely-used encryption system on the Web. Because OpenSSL is used in so many different sites and servers, nearly everyone was affected in some way.

Now we've found another flaw in OpenSSL. Wired reports:

The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allows a “man-in-the-middle” snoop to decrypt and read the traffic.

Next page: How does this work and who does it affect?
The new HealthCare.gov
Previous Happening Now

The new HealthCare.gov

Bill Gates could buy Boston. Which billionaire can afford your town?
Next Happening Now

Bill Gates could buy Boston. Which billionaire can afford your town?

View Comments ()