New OpenSSL Defects: Is this another Heartbleed?

Jun 6 2014, 3:20am CDT | by , in News | Technology News


OpenSSL is the same software that recently hit the headlines for the Heartbleed vulnerability. The 6 software defects (details available here) range in severity and impact: they can allow an attacker to create a denial-of-service condition or, in certain situations, achieve remote code execution (for the uninitiated, this is basically a very bad thing, because attackers can run any code they want and do whatever they want on your computer). Some have been quick to seize on these defects as “another Heartbleed”, but while these defects are serious, this seems a bit of a stretch. That said, you still need to take note. The announcement, shown below, reveals a myriad of nasty vulnerabilities.

OpenSSL has released fixes for all of these defects and lists the vulnerable versions (and patches). In short, if your IT team patches the software, all of these risks can be mitigated. Unfortunately, as we’ve learned from Heartbleed (and other instances), many IT organisations are very fast to patch Windows systems but very slow to deal with Linux (or other) systems. This leaves extended periods in which surprisingly critical software is not patched and attackers could compromise your systems. The vendors of these products show little sign of patching any time soon.

To reiterate from my previous post, all software has defects, and the reporting of such a large group of vulnerabilities is actually reassuring. During the Heartbleed saga we learned that the team responsible for maintaining this crucial code is surprisingly small and underfunded, and the code under-reviewed. The myriad of researchers' names in this release shows more firms and researchers getting their eyes on the code and identifying problems. (and the many that will undoubtedly follow).

Make sure your organisation has a plan to patch these defects to prevent attackers from crashing your critical systems or potentially executing malicious code. In particular, pay close attention to web servers, but any other system that uses SSL to encrypt information, including appliances, may have the defect too. Follow @jameslyne on Twitter.

 

Forbes