Heartbleed II: This security hole has been wide open for 16 years

Basically, this flaw lets an attacker trick your computer into revealing everything it sends to and receives from another computer. In some ways, it's not as bad as Heartbleed, because it can only be used in more specific situations, but in others it's just as dangerous.

Unlike the Heartbleed flaw, which allowed anyone to directly attack any server using OpenSSL, the attacker exploiting this newly discovered bug would have to be located somewhere between the two computers communicating. But that still leaves open the possibility for anyone from an eavesdropper on your local Starbucks’ network to the NSA to strip away your Web connection’s encryption before it’s even initialized.

The worst part is, this flaw has been around since the beginning of OpenSSL - in 1998. That's 16 years of constant vulnerability.

The good news is, the bug has already been fixed. Sites and servers have already begun patching OpenSSL to fix the vulnerability. In the meantime, you can protect yourself by practicing safe password habits.

Source: Wired