Tech content trusted by users in North America and around the world
7,251 Reviews & Articles | 52,626 News Posts

OpenSSL gets patched for a problem that probably doesn't effect you

A new vulnerability has been found in OpenSSL, but this time it isn't so large, and has already been patched
By: Jeff Williams | Hacking & Security News | Posted: Jan 31, 2016 2:27 pm

The OpenSSL project has found, and patched, an issue that was fairly serious though it likely didn't effect very many people, or businesses for that matter.




The problem seems to have stemmed around how the open-source implementation of SSL and TLS reuses prime numbers while the Diffie-Hellman key-exchange protocol is used, making it far easier for a would-be attacker to decrypt your information. The good news is that in order for that to happen, a particular setting has to physically be set on, because it's not on by default.


Even better is that in order to have enough information to actually crack the encryption, there the attacker would have to connect (and reconnect via separate handshakes) several times. So it's not something that's of too much concern, certainly not at the same level of the Heartbleed vulnerability of 2014.


OpenSSL has been under scrutiny since the debacle of 2014 and an internal audit of the source code has been underway to find and patch bugs precisely like this one. So this is a good sign that the team looking into OpenSSL is hard at work. The patched version is 1.0.1f and 1.0.1r.


But again, this likely doesn't effect the majority of users of the software anyway.


Related Tags

Got an opinion on this news? Post a comment below!
Subscribe to our Newsletter

Latest News Posts

View More News Posts
View Our Latest Videos

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases