New OpenSSL Flaw Brings Back Heartbleed Memories

ThereEUs a new EUhigh severityEU flaw that demands your immediate attention. The OpenSSL Project team issued a warning about an alert that will roll out Thursday with more detailed information. For now, itEUs somewhat of a mystery.

The OpenSSL Project is a collaborative effort to develop a commercial-grade, full-feature, and open source toolkit that includes Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and a strong general purpose cryptography library. A global community of volunteers uses the Internet to communicate, plan, and develop the OpenSSL toolkit.

EUThe OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p.,EU an alert released Monday noted. EUThese releases will be made available on 9th July. They will fix a single security defect classified as EUhighEU severity. This defect does not affect the 1.0.0 or 0.9.8 releases.EU

Should We Expect Massive Problems?

The new high-severity flaw has the industry talking because of the OpenSSL-Heartbleed connection. In 2014, security engineers at Codenomicon found a bug that could give hackers access to user passwords and even trick people into using fake versions of popular Web sites. That bug, of course, was called Heartbleed and it impacted most of the Internet.

Codenomicon discovered that the vulnerability was in the OpenSSL cryptographic software library. The weakness stole information typically protected by the SSL/TLS encryption used to secure the Internet, the company said. During the fallout, there was some talk that it might even disconnect the emerging Internet of Things.

OpenSSL has a developer-friendly license, requiring only attribution for it to be linked against, copied and pasted or otherwise incorporated into a derivative software product, Ed Moyle, director of Emerging Business and Technology, ISACA, an international professional organization focused on IT governance, told us. ItEUs also free.

According to Moyle, all this makes it compelling for developers to use...

Comments are closed.