New Bugs Found In Open SSL Web Encryption Software
Security researchers have uncovered and patched new bugs in the Open SSL Web encryption software that caused the recenty uncovered "Heartbleed" Internet threat. The new bugs were disclosed on Thursday as the group responsible for developing that software released an OpenSSL update that contains seven security fixes.
The newly discovered vulnerabilities could allow hackers to spy on communications.
Masashi Kikuchi, who first discovered the so-called CCS injection vulnerability, has described it in a blog post. He says thee bug hasn’t been found for over 16 years adding that the code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation.
According to Adam Langley, a senior staff software engineer at Google, the latest vulnerability is nowhere near as bad as Heartbleed.
The OpenSSL technology is used on about two-thirds of all websites, including ones run Facebook nd Google. It is also incorporated into thousands of technology products from companies, including Cisco Systems, Hewlett-Packard, IBM, Intel and Oracle.