NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping


Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

http://j.mp/1jPcVOr  (Ars Technica)

    "Hundreds of open source packages, including the Red Hat, Ubuntu, and
     Debian distributions of Linux, are susceptible to attacks that
     circumvent the most widely used technology to prevent eavesdropping on
     the Internet, thanks to an extremely critical vulnerability in a
     widely used cryptographic code library.  The bug in the GnuTLS library
     makes it trivial for attackers to bypass secure sockets layer (SSL)
     and Transport Layer Security (TLS) protections available on websites
     that depend on the open source package. Initial estimates included in
     Internet discussions such as this one indicate that more than 200
     different operating systems or applications rely on GnuTLS to
     implement crucial SSL and TLS operations, but it wouldn't be
     surprising if the actual number is much higher. Web applications,
     e-mail programs, and other code that use the library are vulnerable to
     exploits that allow attackers monitoring connections to silently
     decode encrypted traffic passing between end users and servers.  The
     bug is the result of commands in a section of the GnuTLS code that
     verify the authenticity of TLS certificates, which are often known
     simply as X509 certificates."

 - - -

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad