Heartbleed SSL Encryption Vulnerability Requires Quick Attention -
NEWS ANALYSIS: There are steps you can take to make sure that your critical information is protected from the Heartbleed encryption flaw and to confirm
whether you were at risk in the first place.
According to our report on the discovery of a significant vulnerability to the Secure Sockets Layer (SSL) encryption service as it's implemented in some
versions of Linux, an exploit could reveal up to 64 kilobytes of memory in the affected server.
The good news is that the OpenSSL Project issued a fix almost immediately, and passed it out as an update to Linux distributors. The bad news is that this
vulnerability has been around for two years.
There's more good news: There's no evidence that this vulnerability was ever exploited. But there's more bad news, too: Because of the way this
vulnerability works, we might not see evidence even if it had been exploited. Just how serious is this?
Tatu Yl?nen, Inventor of SSH encryption and CEO of the SSH security protocol, said that the problem is potentially bad. "This is an extremely serious
vulnerability in OpenSSL," Yl?nen said in an email from his home in Helsinki, Finland.
No comments:
Post a Comment