DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, ATi, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
September 1, 2014 
Main Menu

Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 91 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

RSS
RSS





 

Massive security flaw discovered in Linux library

Posted on Thursday, March 06 2014 @ 10:34:50 CET by


Security researchers discovered a gaping security hole in GnuTLS, a cryptographic code library used by hundreds of open source packages. The bug makes it easy for attackers to bypass SSL and TLS protection layers to eavesdrop on your web traffic:
The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical "goto fail" flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.
Full details at ARS Technica.


 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2014 DM Media Group bvba