Language Selection

English French German Italian Portuguese Spanish

'Severe' OpenSSL vuln busts public key crypto

Filed under
Security

Computer scientists say they've discovered a "severe vulnerability" in the world's most widely used software encryption package that allows them to retrieve a machine's secret cryptographic key.

The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.

An OpenSSL official, who asked that his name not be published, said engineers are in the process of pushing out a patch and stressed the attack is difficult to carry out in real-world settings.

More details here




More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: Gaming

Can Marten Mickos make 'Linux for the cloud' work for HP?

Hewlett-Packard didn’t just buy cloudy startup Eucalyptus Systems to build its fledgling OpenStack cloud biz, it also bought Marten Mickos, the firm’s Finnish CEO. HP isn’t the first to pay for Mickos' expertise - that was Sun Microsystems, when it acquired his venture previous venture, MySQL AB, for $1bn in 2008. Read more