OpenSSL is anything other than a good old colander? Once again the encryption library devastated last year by Heartbleed shows his vulnerability.
The team that manages the project announced a patch to July 9 for versions 1.0.2 and 1.0. 1 OpenSSL. The vulnerability, classified “high importance”, does not apply to versions 1.0.0 and 0.9.8 OpenSSL. This vulnerability can therefore generate a denial of major service, large memory leak or the execution of arbitrary code remotely.
OpenSSL was established in 1998 and is now used by three quarters of servers global web. This tool allows to implement the SSL (Secure Sockets Layer) and TLS (Transport Layer Security), which provide in principle to secure exchanges on the Internet. It is an open source product cryptography old and nobody can tell today if it contains no other vulnerabilities hidden in the mysteries of his code.
The GAFA take things in hand
You should know that when the Heathbleed scandal broke, the project had only one full-time developer, supported by some volunteers. Since then, GAFA took things in hand. Google, Facebook or Amazon decided to invest via the Core Infrastructure Initiative program, with almost 4 million over three years. An audit of the code has also been initiated, which has already helped provide some security patches.
But everyone does not play the game. A number of experts believe that the flaw was known Heartbleed and potentially exploited by US intelligence services and that at least two years before its discovery is made public.