[NTLUG:Discuss] Critical crypto bug
Leroy Tennison
leroy_tennison at prodigy.net
Mon Apr 7 21:18:27 CDT 2014
On 04/07/2014 11:25 AM, Greg Edwards wrote:
> Big time OOPS!!
>
> Note to all programmers, NEVER use goto!! IMHO "goto" should be
> removed from every programming language known man.
>
> Greg
> http://greg.edwards-tx.us
>
>
> Fred wrote:
>> http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
>>
>>
>> by Dan Goodin - Mar 4 2014
>>
>> Hundreds of open source packages, including the Red Hat, Ubuntu,
>> and Debian distributions of Linux, are susceptible to attacks that
>> circumvent the most widely used technology to prevent eavesdropping
>> on the Internet, thanks to an extremely critical vulnerability in a
>> widely
>> used cryptographic code library.
>>
>> The bug in the GnuTLS library makes it trivial for attackers to bypass
>> secure sockets layer (SSL) and Transport Layer Security (TLS)
>> protections available on websites that depend on the open source
>> package. Initial estimates included in Internet discussions such as this
>> one indicate that more than 200 different operating systems or
>> applications rely on GnuTLS to implement crucial SSL and TLS
>> operations, but it wouldn't be surprising if the actual number is much
>> higher. Web applications, e-mail programs, and other code that use the
>> library are vulnerable to exploits that allow attackers monitoring
>> connections to silently decode encrypted traffic passing between end
>> users and servers.
>>
>> Read the rest at the link above
>>
>> _______________________________________________
>> http://www.ntlug.org/mailman/listinfo/discuss
>>
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
I just checked my version of libguntls to find it doesn't meet muster
and my distro isn't showing any updates at this time. Wonder how long
before I can trust SSL again...
More information about the Discuss
mailing list