NNSquad - Network Neutrality Squad
[ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
http://j.mp/1jPcVOr (Ars Technica)
"Hundreds of open source packages, including the Red Hat, Ubuntu, and
Debian distributions of Linux, are susceptible to attacks that
circumvent the most widely used technology to prevent eavesdropping on
the Internet, thanks to an extremely critical vulnerability in a
widely used cryptographic code library. The bug in the GnuTLS library
makes it trivial for attackers to bypass secure sockets layer (SSL)
and Transport Layer Security (TLS) protections available on websites
that depend on the open source package. Initial estimates included in
Internet discussions such as this one indicate that more than 200
different operating systems or applications rely on GnuTLS to
implement crucial SSL and TLS operations, but it wouldn't be
surprising if the actual number is much higher. Web applications,
e-mail programs, and other code that use the library are vulnerable to
exploits that allow attackers monitoring connections to silently
decode encrypted traffic passing between end users and servers. The
bug is the result of commands in a section of the GnuTLS code that
verify the authenticity of TLS certificates, which are often known
simply as X509 certificates."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad