The team that discovered Heartbleed has found another 'high severity' security flaw affecting the internet
Reuters Photos
OpenSSL is a security protocol used by open source web servers such as Apache and Nginx - which host around 66% of all the world's sites.
The backend technology hit the headlines in 2014 when a massive security flaw, codenamed Heartbleed, was uncovered.
The flaw was dangerous as it could be exploited by hackers to steal data, even if it was encrypted, from sites and services using OpenSSL.
The nature of the new OpenSSL flaw remains unknown, though the high severity ranking given to it by the project has caused concerns.
The OpenSSL project classifies high severity bugs as "issues affecting common configurations which are also likely to be exploitable [hackable]. Examples include a server denial-of-service, a significant leak of server memory, and remote code execution."
In non-technical language, this means the bug could be used for a range of purposes by hackers, varying from basic nuisance attacks that knock websites and services using OpenSSL offline, to installing malware on victim systems.
Further details about the vulnerability remain unknown, as OpenSSL doesn't want to provide hackers with information they could use to exploit the flaw ahead of its July 9 fix.
This isn't the first major fix released by the OpenSSL Project since Heartbleed. The OpenSSL project released another security update patching 14 vulnerabilities, two of which were also high severity, in May.
The news follows hostility from US and UK government departments to secure services like OpenSSL.
James Comey, director of the Federal Bureau of Investigation (FBI) claimed law enforcement and intelligence agencies need ways to read encrypted traffic if they hope to combat terrorism and crime, earlier in June.
- US buys 81 Soviet-era combat aircraft from Russia's ally costing on average less than $20,000 each, report says
- 2 states where home prices are falling because there are too many houses and not enough buyers
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- Upcoming smartphones launching in India in May 2024
- Markets rebound in early trade amid global rally, buying in ICICI Bank and Reliance
- Women in Leadership
- Rupee declines 5 paise to 83.43 against US dollar in early trade
- Election Commission issues notification for sixth phase of Lok Sabha polls