Just a few months after the discovery of the risk the Heartbleed Bug posed to hundreds of thousands of servers nationwide, a new security bug in OpenSSL encryption was reported and patched yesterday, according to an advisory released by the OpenSSL group. The new bug is the most serious of several security flaws referenced in the advisory, and apparently has been putting computers at risk for almost 15 years.
The “SSL/TLS MITM” vulnerability would allow a clever user to craft a specialized “handshake” between a client and server while an encrypted connection is being established. That user could then force the client and server to use weak keys, which allows the intruder to decrypt and change the traffic as it flows between the parties. For the purposes of this attack, the attacker is known as the “man-in-the-middle.”
In other words: it allows someone snooping your connection to neutralize your web encryption process.
According to Google software engineer Adam Langley, this bug has likely been in existence for a decade and a half.
Masashi Kikuchi discovered the bug and created the patch for the system, which is part of an official OpenSSL fix also announced yesterday. Major desktop browsers are not affected because they do not use OpenSSL; however, Chrome on Android does and may be affected.
“What’s Hot” is aggregated content. PYMNTS.com claims no responsibility for the accuracy of the content published by the original source.