Heartbleed: Very critical zero day in OpenSSL

New security holes appear all the time, but some of them are critical. One of them is the so-called Heartbleed bug in the OpenSSL library.

While Heartbleed affects only OpenSSL 1.0.1 and 1.0.2-beta, version 1.0.1 is already everywhere. And since Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are at the heart of security on the Internet, this security hole can be described as extremely critical.

The flaw can potentially be used to reveal not only the contents of an encrypted message, such as a credit card transaction over HTTPS, but also the SSL primary and secondary keys themselves. This data could then, in theory, be used as a skeleton key to bypass secure servers without leaving any trace that the website has been compromised.

This error is not a problem with OpenSSL's inherent design. It is an implementation problem; we could say that it is the result of a programming error. There is already a bug fix for OpenSSL 1.0.1, and developers are continuing to fix the 1.0.2 beta.

An internet security company revealed the details in a post on its blog. The post describes the security hole and states that they have fixed the error. They seem to have used the methods described by OpenSSL. Unfortunately for everyone else, the method was not ready for broad deployment.

According to a senior security technician from a large operating system company, “The main problem with CloudFlare was that it provided its own solution before a patch was released to the public. We are not opening a door and we are not waving a red flag before the patches that fix the problem are released.”

Right now, Red Hat, Debian, SuSE, Canonical and Oracle developers are working hard to prepare patched versions of OpenSSL. It is expected that it may take about 12 hours to prepare them. Stay tuned if you use OpenSSL 1.0.1 or 1.0.2, because you need to install the update as soon as it is released.

Written by giorgos
