Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: OpenSSL, another blow  (Read 3961 times)

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
OpenSSL, another blow
« on: June 07, 2014, 09:00:19 PM »

http://www.theguardian.com/technology/2014/jun/06/heartbleed-openssl-bug-security-vulnerabilities

I am told by reliable sources that these new issues are not really comparable in severity to the catastrophic 'Heartbleed' OpenSSL issue  from a few months ago.   All the same, as the Guardian's expert concludes..

Quote
“It does seem like another nail in the coffin for OpenSSL. It may not be dead but this must be another blow to people’s confidence.”

 :(

Logged

loonylion

  • Reg Member
  • ***
  • Posts: 723
Re: OpenSSL, another blow
« Reply #1 on: June 08, 2014, 01:39:50 AM »

The Guardian's 'expert' doesn't know what he's talking about, IMO.  Windows has security holes that have been there for years, in some cases, decades, that Microsoft doesn't see fit to fix, not to mention the dozens of security fixes released every month fixing flaws that 'could allow an attacker to gain control of your system' and it doesn't seem to hurt people's confidence in that product. At least with open source the problems get found and get fixed, usually fairly promptly.

The BBC's technology reporter is another one that often seems to have a very poor grasp of the subject he's reporting on.
Logged

hake

  • Reg Member
  • ***
  • Posts: 296
  • Owzat! On ya way, back to the pavilion!
Re: OpenSSL, another blow
« Reply #2 on: July 07, 2014, 08:41:59 PM »

I suppose that the people who gave these wags and wits their jobs didn't know anything either.  I am pottering along with Windows XP and am as (un)safe as with Windows 7.  The thing about Windows is that we know it is flawed.  Those such as me are not complacent and there is much excellent security software to alert us when something dodgy is happening in Windows.

Windows XP is just so darned nice to use and there is loads that can be done to button it down.
Logged
Windows XP

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: OpenSSL, another blow
« Reply #3 on: July 07, 2014, 09:23:03 PM »

The thing that needs to be understood is that OpenSSL is not an operating system like windows, rather just a relatively small component that is used by some OS's, notably some Linux and Android.   In principle, Microsoft could have used it for Windows if they so wished for their own SSL layer, though they didn't.

Even if your PC is running windows (or OS/X, or Linux), with great AV software and you are keeping it all up to date, your bank's web server may be using OpenSSL, making your life savings vulnerable to its flaws.   As may your Android phone, or your router, and other things that are probably outside your control and much harder to patch.    :(
Logged