New OpenSSL Defects: Is this another Heartbleed?

Jun 6 2014, 3:20am CDT


OpenSSL is the same software that recently hit the headlines for the Heartbleed vulnerability. The 6 software defects (details available here) range in severity and impact and can allow an attacker to create a denial of service condition or, in certain situations, achieve remote code execution (for the uninitiated, this is basically a very bad thing because attackers can run any code they want to do whatever they want on your computer). Some have been quick to spring on these defects as “another Heartbleed”, but while these defects are serious, this seems a bit of a stretch. That said, you still need to take note. The announcement, shown below, reveals a myriad of nasty vulnerabilities.

OpenSSL has released fixes for all of these defects and lists the vulnerable versions (and patches). In short, if your IT team patches the software, all of these risks can be mitigated. Unfortunately, as we’ve learned from Heartbleed (and other instances), many IT organisations are very fast to patch Windows systems but very slow to deal with Linux (or other) systems. This leaves extended periods where surprisingly critical software is not patched and attackers could compromise your systems. The vendors of these products show little sign of patching any time soon.

To reiterate from my previous post, all software has defects, and the reporting of such a large group of vulnerabilities is actually reassuring. During the Heartbleed saga we learned that the team responsible for maintaining this crucial code is surprisingly small and underfunded, and the code under-reviewed. The myriad of researchers' names in this release show more firms and researchers getting their eyes on the code and identifying problems. (and the many that will undoubtedly follow).

Make sure your organisation has a plan to patch these defects to prevent attackers crashing your critical systems or potentially executing malicious code. In particular, pay close attention to web servers, but any other system that uses SSL to encrypt information, including appliances, may have the defect too. Follow @jameslyne on Twitter.


Forbes