OpenSSL fixes high-severity flaw that allows hackers to crash servers

by
Dan Goodin
from Ars Technica - All content on (#5FSZA)
wireless-security-800x534.jpg

Enlarge (credit: Getty Images)

OpenSSL, the most widely used software library for implementing website and email encryption, has patched a high-severity vulnerability that makes it easy for hackers to completely shut down huge numbers of servers.

OpenSSL provides time-tested cryptographic functions that implement the Transport Layer Security protocol, the successor to Secure Sockets Layer that encrypts data flowing between Internet servers and end-user clients. People developing applications that use TLS rely on OpenSSL to save time and avoid programming errors that are common when noncryptographers build applications that use complex encryption.

The crucial role OpenSSL plays in Internet security came into full view in 2014 when hackers began exploiting a critical vulnerability in the open source code library that let them steal encryption keys, customer information, and other sensitive data from servers all over the world. Heartbleed, as the security flaw was called, demonstrated how a couple lines of faulty code could topple the security of banks, news sites, law firms, and more.

Read 9 remaining paragraphs | Comments

index?i=8Q-VZKCh1eE:D-vyYYQdeAE:V_sGLiPB index?i=8Q-VZKCh1eE:D-vyYYQdeAE:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments