Tuesday, June 10, 2014

Latest OpenSSL bug ‘may be more dangerous than Heartbleed’

As many of our readers already know, the Heartbleed bug is a serious OpenSSL vulnerability that allows remote attackers to steal sensitive information protected by SSL/TLS encryption. It affected millions of websites, and vulnerable, unpatched servers still exist. Now researchers have discovered new OpenSSL vulnerabilities, and one of them may be more critical than Heartbleed. It allows attackers to decrypt and modify traffic (Web, e-mail, VPN) protected by the Transport Layer Security (TLS) protocol, which is the Internet’s most widely used method for encrypting traffic traveling between clients and servers. In other words, the vulnerability allows an attacker to perform Man-in-the-Middle (MITM) attacks on encrypted connections.

Tatsuya Hayashi, the researcher who found one of the critical bugs, said that the latest flaw “may be more dangerous than Heartbleed” as it could be used to directly spy on people’s communications.

The vulnerabilities have been disclosed in a security advisory issued by the OpenSSL Project, and server admins running vulnerable versions have been urged to install the patches. The security advisory included the following details: