We all thought that April 8, 2014, will go down in computer history as the day when one of Microsoft's most beloved products reached the end of support.
As it turns out, we were wrong, as that expected occasion was overshadowed by an unexpected event: the public revelation of a bug that affects OpenSSL, one of the most widely used implementations of the SSL and TLS protocols and, thus, a wide array of operating systems and applications, computers and Internet-of-Things devices, smartphones and tablets.
OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating system and apps, sports a critical vulnerability that can easily be misused by attackers to impersonate online services and steal information users believe to be protected by SSL/TLS.
What's even worse is that such an attack leaves no physical trace in the logs, so it's impossible to tell whether the vulnerability - dubbed the "Heartbleed Bug" by the Codenomicon and Google researchers who identified it - has been exploited in the wild since it was first introduced in December 2011.
Find out:
More details about the vulnerability
No comments:
Post a Comment