Science and Technology : Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping


Gorilla

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical "goto fail" flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

Full article: http://arstechnica.com/security/201...linux-hundreds-of-apps-open-to-eavesdropping/
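
An illustration of the bug class the quoted article describes, a certificate check whose error path exits early and is then read as success, shown beside a fail-closed version. This is an added example, not GnuTLS or Apple code and not part of the original post; the struct, function names and sample certificates are hypothetical and constructed.

```c
#include <stdio.h>

/* Constructed stand-in for a parsed certificate; not a real X.509 structure. */
struct cert { int parse_ok; int is_ca; int sig_ok; };

/* Hypothetical helpers: 1 = yes, 0 = no, negative = internal error. */
static int issuer_is_ca(const struct cert *issuer) {
    if (!issuer->parse_ok) return -1;      /* an error code, not a boolean */
    return issuer->is_ca;
}
static int signature_valid(const struct cert *c) { return c->sig_ok; }

/* Flawed: the error path jumps past the signature check with the negative
   error code still in ret, and a caller testing the result as a boolean
   reads any non-zero value as "trusted". */
int verify_flawed(const struct cert *c, const struct cert *issuer) {
    int ret = issuer_is_ca(issuer);
    if (ret <= 0) goto cleanup;            /* remaining checks are skipped */
    ret = signature_valid(c);
cleanup:
    return ret;                            /* -1 is truthy in C */
}

/* Hardened: start from "not trusted"; only the path that passes every
   check can set the success value, so errors fail closed. */
int verify_hardened(const struct cert *c, const struct cert *issuer) {
    int trusted = 0;
    if (issuer_is_ca(issuer) != 1) goto cleanup;
    if (signature_valid(c) != 1) goto cleanup;
    trusted = 1;
cleanup:
    return trusted;
}

/* Caller that treats the verifier's result as a boolean. */
int accepts(int (*verify)(const struct cert *, const struct cert *),
            const struct cert *c, const struct cert *issuer) {
    return verify(c, issuer) ? 1 : 0;
}

/* Constructed sample inputs. */
const struct cert good_leaf = {1, 0, 1}, good_ca = {1, 1, 1};
const struct cert forged_leaf = {1, 0, 0}, malformed_issuer = {0, 0, 0};

int main(void) {
    printf("flawed accepts forged:   %d\n", accepts(verify_flawed, &forged_leaf, &malformed_issuer));
    printf("hardened accepts forged: %d\n", accepts(verify_hardened, &forged_leaf, &malformed_issuer));
    printf("hardened accepts valid:  %d\n", accepts(verify_hardened, &good_leaf, &good_ca));
    return 0;
}
```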
 

Kemetstry


Gorilla

I have never gotten this fixation with hacking

Some people are fascinated by understanding how something works, and experimenting. Add a general interest in code or security, and it can be a great benefit.

GnuTLS, if I understand correctly, is part of Debian's favored projects because of licensing. It stands to reason that this improvement will trickle out to a lot of users.

One more security hole closed is another one that can't be exploited by criminals or state actors.
 

Kemetstry

Some people are fascinated by understanding how something works, and experimenting. Add a general interest in code or security, and it can be a great benefit.

GnuTLS, if I understand correctly, is part of Debian's favored projects because of licensing. It stands to reason that this improvement will trickle out to a lot of users.

One more security hole closed is another one that can't be exploited by criminals or state actors.

I guess we'll need to open cyber prisons soon. Someone with that talent can make so much more money going legit though
 

Gorilla

I guess we'll need to open cyber prisons soon. Someone with that talent can make so much more money going legit though

No one has done anything negative with this as far as I know.

As for going legit, that depends. There are people out there who like to buy up undisclosed/non-public exploits and vulnerabilities. They can fetch a pretty penny.
 
