A new OpenSSL vulnerability released as Heartbleed

heartbleedA new OpenSSL vulnerability has lately surfaced and many firms were annoyed with this finding, as the bug was found even before the patches were released for the same.

New security loops are a common occurrence which keeps happening always. Latest on this front is the Heartbleed bug in the OpenSSL cryptographic library, which experts believe is a really appalling one.

Heartbleed meanwhile affects only the 1.0.1 and the 1.0.2 beta releases of the Open SSL, but something that must be noted is that 1.01 is already deployed globally. As Transport Layer Security and Secure Socket Layer are at the core of Internet security, thus this security glitch cannot be just ignored.

This security glitch can be used in revealing not only the contents of a secured message like a financial transaction over HTTPs, but also the primary and secondary SSL keys too. This hacked data can then be used like skeleton keys to bypass secured servers without even making them aware that a website’s security has been bypassed.

This bug is not linked with the inherent design of the OpenSSL, but is an implementation issue, which means it’s an outcome of a programming error. The fix for the 1.01 program has been made available, but work is in progress for the 1.02 beta version.

The result is expected to be bad enough, but something that’s really bothering security companies and operating systems is that OpenSSL and others have not delivered the patched versions which could have possibly limited the blackhat hacking problems.  In the meantime, CloudFlare, a Web security company, touts to have fixed the bug making use of the method described by OpenSSL. But, for all others the methods were not leaked for broad deployment.

Some leading companies are now working at a very fast pace to release the patched versions of OpenSSL for their clients. It’s the need to deploy the patched version for both OpenSSL 1.01 and 1.02 as soon as possible, to ensure the outcome doesn’t turn outrageous.

The writer is an Norton technical support expert at SupportBuddy – a Global Company offering technical support for computers. Call 1-888-753-5164, connect with a live technician remotely, and get your issue resolved instantly while speaking on the Norton Tech Support Number.


About SupportMart Technical Services

Just call @ 1-800-793-7521 for Online Technical Support for personal computers & laptops by certified technicians at 24/7 basis. Visit us: http://www.supportmart.net/
This entry was posted in News and tagged . Bookmark the permalink.