Heartbleed, the bug found in the widely used OpenSSL encryption protocol, with some 12,000 popular domains still vulnerable, according to AVG Virus Labs.
Now they have something else to worry about. On Thursday, the OpenSSL Foundation issued a warning to users that a decade-old bug that makes it possible for an attacker to conduct a so-called man-in-the-middle attack on traffic encrypted with OpenSSL. The advisory warns users that someone could use the bug to intercept an encrypted connection, decrypt it, and read the traffic.
Users of OpenSSL are advised to deploy a new patch and upgrade to the latest version of OpenSSL software. The bug was initially discovered by Masashi Kikuchi, a Japanese researcher at Lepidum, a software firm. “Attackers can eavesdrop and make falsifications on your communication when both of a server and a client are vulnerable,” reads an FAQ on Lepidum‘s website.
keyboard shortcuts: V vote up article J next comment K previous comment