Science and Technology : Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Gorilla

Well-Known Member
MEMBER
Jan 31, 2009
2,450
1,372
The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical "goto fail" flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

Full article: http://arstechnica.com/security/201...linux-hundreds-of-apps-open-to-eavesdropping/
 

Kemetstry

going above and beyond
PREMIUM MEMBER
Feb 19, 2001
28,700
8,139
Detroit
Occupation
Chemist

Gorilla

Kemetstry said:
I have never gotten this fixation with hacking.

Some people are fascinated by understanding how something works, and experimenting. Add a general interest in code or security, and it can be a great benefit.

GnuTLS, if I understand correctly, is part of Debian's favored projects because of licensing. It stands to reason that this improvement will trickle out to a lot of users.

One more security hole closed is another one that can't be exploited by criminals or state actors.
 

Kemetstry

I guess we'll need to open cyber prisons soon. Someone with that talent can make so much more money going legit though.
 

Gorilla

No one has done anything negative with this as far as I know.

As for going legit, that depends. There are people out there who like to buy up undisclosed/non-public exploits and vulnerabilities. They can fetch a pretty penny.
 
