[NTLUG:Discuss] Critical crypto bug
Greg Edwards
greg at edwards-tx.us
Mon Apr 7 11:25:08 CDT 2014
Big time OOPS!!
Note to all programmers, NEVER use goto!! IMHO "goto" should be
removed from every programming language known man.
Greg
http://greg.edwards-tx.us
Fred wrote:
> http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
>
> by Dan Goodin - Mar 4 2014
>
> Hundreds of open source packages, including the Red Hat, Ubuntu,
> and Debian distributions of Linux, are susceptible to attacks that
> circumvent the most widely used technology to prevent eavesdropping
> on the Internet, thanks to an extremely critical vulnerability in a widely
> used cryptographic code library.
>
> The bug in the GnuTLS library makes it trivial for attackers to bypass
> secure sockets layer (SSL) and Transport Layer Security (TLS)
> protections available on websites that depend on the open source
> package. Initial estimates included in Internet discussions such as this
> one indicate that more than 200 different operating systems or
> applications rely on GnuTLS to implement crucial SSL and TLS
> operations, but it wouldn't be surprising if the actual number is much
> higher. Web applications, e-mail programs, and other code that use the
> library are vulnerable to exploits that allow attackers monitoring
> connections to silently decode encrypted traffic passing between end
> users and servers.
>
> Read the rest at the link above
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list