
Re: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping




Bill,

I agree that we can assume this vulnerability hasn't been exploited in the past two years. Lots of customer money suddenly vanishing from big financial institutions would have set off a big hullaballoo.

But all this publicity has alerted hackers to its existence, presumably opening a window of opportunity for them before everyone patches the problem....

Lynn


On Wed, Apr 9, 2014 at 10:22 AM, Bill Troop <billtroop@xxxxxxxx> wrote:
Isn't it significant, though, that this vulnerability has existed for two years and that it hasn't been perceptibly exploited? The announcement seems to have an agenda other than user safety (i.e. the authors want to improve their credentials by publishing a sensational paper).

At 09/04/2014 05:23, you wrote:
Here's the stuff of nightmares - off topic, but important to know about:

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

That's the most detailed story, but it's running everywhere at this point - Reuters, CNN, NYT, WSJ etc

Lynn Brenner