[NTLUG:Discuss] Critical crypto bug

Fred fredstevens at yahoo.com
Mon Apr 7 11:09:07 CDT 2014


http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/

by Dan Goodin - Mar 4 2014

Hundreds of open source packages, including the Red Hat, Ubuntu, 
and Debian distributions of Linux, are susceptible to attacks that 
circumvent the most widely used technology to prevent eavesdropping 
on the Internet, thanks to an extremely critical vulnerability in a widely 
used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass 
secure sockets layer (SSL) and Transport Layer Security (TLS) 
protections available on websites that depend on the open source 
package. Initial estimates included in Internet discussions such as this 
one indicate that more than 200 different operating systems or 
applications rely on GnuTLS to implement crucial SSL and TLS 
operations, but it wouldn't be surprising if the actual number is much 
higher. Web applications, e-mail programs, and other code that use the 
library are vulnerable to exploits that allow attackers monitoring 
connections to silently decode encrypted traffic passing between end 
users and servers.

Read the rest at the link above


