Major OpenSSL Security Flaw puts E-Commerce, most of the Internet in Jeopardy
The open-source software package known as OpenSSL that is widely used to secure Web communications through SSL/TLS encryption is reported to have a significant weak spot. This vulnerability could allow hackers to steal valuable information such as emails, instant messages, banking and e-commerce data as well as virtual private networks (VPNs). In turn, this could have a negative impact on the Bitcoin economy and cryptocurrencies as a whole. While the potential impact of the remains to be seen, security experts suggest that most Internet users are affected, either directly or indirectly.....
Related News
Over half the internet could have been compromised by a two-year-old security flaw that also could affect a number of online bitcoin services, it was revealed today. The vulnerability, named 'Heartbleed', affects versions of OpenSSL, an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic, including: passwords, messages, e-commerce and banking, and other sensitive data including Virtual Private Networks (VPNs). OpenSSL is the most popular software library used for this purpose. Two years old. The Heartbleed flaw has reportedly....
Just last year, a major vulnerability in the OpenSSL protocol caused a lot of concern for internet traffic all around. Not only are nearly all sites protected by OpenSSL, but various web apps and other third-party platforms rely on this security standard as well. And even though heartbleed had been fixed for a while now, there are other vulnerabilities that need to be patched sooner rather than later. On Thursday – two days from the time of publication – a new version of OpenSSL will be released to the public that contains two major vulnerability patches. Considering the fact that most....
Digital currencies remain an exciting new technology striving for mainstream adoption, but their struggle is not without precedent - The consumer and technical roadblocks they face are akin to those overcome by key Internet protocols. Two new Consensus 2015 speakers will look back at the mainstreaming of e-commerce and Internet security, providing a deep dive into the historical lessons that could come to shape the technology's future. Last April the Heartbleed Bug was uncovered, revealing that the majority of websites on the Internet were vulnerable to information theft. The bug was....
Bleeding private data since 2012. Discovery of a memory leak bug in OpenSSL means that each and every internet user is likely to have been affected either directly or indirectly. Dubbed the “Heartbleed Bug”, this vulnerability allows stealing of information that usually would be encrypted by a secure SSL/TLS session over the internet. Everyday Bitcoin client operation does not directly use OpenSSL, however, the Bitcoin Core 0.9.0 (and each prior version) uses OpenSSL for remote procedure calls (RPC) via https. New functionality introduced in version 0.9.0 is the ability to fetch payment....
Yesterday, Google published the details of an SSL 3.0 design vulnerability that renders SSL 3.0 completely insecure and useless. SSL 3.0 is over fifteen years old and up until today, was still supported by most browsers. When attempting to communicate with a website, usually a browser will use the latest technology and connect to the HTTPS servers; however, failed connections are tried on older, clearly deprecated, protocols such as SSL 3.0. As such, attackers can force targets to disconnect and then reconnect using SSL 3.0, thus exposing their current session to take-over. Also read:....