Jump to content

Oh great: is this new OpenSSL flaw worse than Heartbleed?

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted
Oh great: is this new OpenSSL flaw worse than Heartbleed?

The Heartbleed flaw discovered in OpenSSL was one of the worst web vulnerabilities in history, but believe it or not it may already have been dethroned.

Even more incredible is the fact that once again, OpenSSL may be to blame.

The "CCS Injection Vulnerability" was discovered by Tatsuya Hayashi, who said it "may be more dangerous than Heartbleed," according to The Guardian.

Attackers can reportedly use this weakness to intercept and even alter data passing between computer and websites in a classic man-in-the-middle maneuver as long as they're on the same network, like a public Wi-Fi hub.

Hopelessly flawed

The flaw was reportedly introduced into the OpenSSL encryption standard 16 years ago, when OpenSSL was introduced in 1998, but it's only just been discovered.

It affects all past versions of OpenSSL and servers running OpenSSL 1.0.1 or the beta version for 1.0.2.

Meanwhile it's not even the only flaw to be uncovered this week - another one allowed hackers to send malicious code to machines running OpenSSL, and it was reportedly added four years ago by Robin Seggelmann, the same dev who created Heartbleed.

The OpenSSL open source project has already issued a patch, but this newest discovery has nevertheless revived the question of whether it's time to kill OpenSSL once and for all.

mf.gif


rc.img
rc.img
rc.img

a2.imga2t.imgunqsN-jU4A0

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept