
Yet another OpenSSL Bug discovered.


  • Yet another OpenSSL Bug discovered.

    A vulnerability which allows hackers to intercept data on an encrypted connection and also decrypt it has been discovered in OpenSSL.

    The exploit in OpenSSL's ChangeCipherSpec processing can be used for man in the middle attacks and affects OpenSSL 1.0.1 - 1.0.1g, OpenSSL 1.0.0 through 1.0.0I, and all versions prior to OpenSSL 0.9.8y.

    The bug which was recently discovered by a Japanese researcher is like adding salt to the wounds that were left by the Heartbleed vulnerability in OpenSSL discovered in April this year.

    If someone exploits the bug then there is no trace of the attacker which makes it even worse.

    To tackle the latest vulnerability in OpenSSL, software updates for Ubuntu, Debian, CentOS, FreeBSD, Red Hat 5 and Red Hat 6 have been released.

  • #2
    Re: Yet another OpenSSL Bug discovered.

    Ouch


    • #3
      Re: Yet another OpenSSL Bug discovered.

      Originally posted by Eric Brown:
      A vulnerability which allows hackers to intercept data on an encrypted connection and also decrypt it has been discovered in OpenSSL.

      The exploit in OpenSSL’s ChangeCipherSpec processing can be used for man in the middle attacks and affects OpenSSL 1.0.1 - 1.0.1g, OpenSSL 1.0.0 through 1.0.0I, and all versions prior to OpenSSL 0.9.8y.

      The bug which was recently discovered by a Japanese researcher is like adding salt to the wounds that were left by the Heartbleed vulnerability in OpenSSL discovered in April this year.

      If someone exploits the bug then there is no trace of the attacker which makes it even worse.

      To tackle the latest vulnerability in OpenSSL, software updates for Ubuntu, Debian, CentOS, FreeBSD, Red Hat 5 and Red Hat 6 have been released.

      This OpenSSL vulnerability might well be termed "at just a warning (4.0) level" when compared to the higher risks which were involved in the HeartBleed bug. Heartbleed involved resetting of server SSL certificates, which was indeed a tedious job, especially when doing it on several thousand servers and within a short time span. For one to exploit this vulnerability is much more difficult, and there are no incident reports as of yet... fingers crossed...
      Rock _a.k.a._ Jack Daniel



      • #4
        Re: Yet another OpenSSL Bug discovered.

        It seems that only the Android browsers are vulnerable to this handshake kinda bug, and in order to exploit it, both the client and servers should be running the same vulnerable OpenSSL versions.

        It's expected that there are a few flaws in OpenSSL and we have to patch it regularly, but when it comes to an alarm like a HeartBleed bug, for sure massive panic is going to happen in the hosting world.
        Regards,
        Kieran A.
        Cloud Administrator