Just recently, the tech world had been set ablaze by the SSL vulnerability called Heartbleed which literally exposed the security of the communication layers in the websites. With so much exposure, it was easy for any hacker to infiltrate the website and retrieve the information. Every major online service provider insisted that the users change their passwords even if their security measures were up to date. No one wanted to take any risk as far as their personal information was concerned.
However, a new and more dangerous threat has been identified. These critical weaknesses in the OpenSSL web encryption standard have the potential of inflicting even more damage than the heartbleed bug. Eminent researcher, Tatsuya Hayashi, was responsible for identifying one of the critical bugs. He stated that this new weakness is even more dangerous than the Heartbleed bug and with this vulnerability, it would be possible for hackers have direct surveillance on the communication with users. One of the main reasons behind the scare is that the OpenSSL layers contain digital keys which have the power of exposing confidential information in the communication layer.
The weakness that was identified by Hayashi, attackers can force the implementation of weak encryption keys for the connection that is established between the victim’s PC and the server. However, this can only be done if the attacker and the victim share the same network. When the attackers gains access to the digital keys, not only would he be able to retrieve the information, but it would also be possible to modify the contents of the information. Using this modified information, the hackers can obtain even more confidential data such as passwords and usernames. Such information could cause some serious damages, especially financial damages. And the worst part is that the victims will not be able to know when and how they are being infiltrated.
The vulnerability affects all PC and mobile software that make use of older versions of OpenSSL. Websites that are currently running the older versions have been advised to get the appropriate patches installed so that they may minimize the threat of the vulnerability. Prof Alan Woodward, a security expert from the department of computing at the University of Surrey, said “It’s been there all along since OpenSSL first launched and no one has found it before, which tells you something about how thoroughly these open-source tools are checked. It does seem like another nail in the coffin for OpenSSL. It may not be dead, but this must be another blow to people’s confidence.” The task of coming up with a resolution for the new vulnerabilities is quite daunting and will require every ounce of analytically and IT know how to stop this beast from causing further damage.
- The Hottest Phones Anticipated in 2018 - 5 January, 2018
- 4 Hottest Devices You Need to Gift This Christmas - 21 December, 2017
- 5 Features of Your Android Phone That Probably You Don’t Know - 8 December, 2017
- Record Android Smartphone Screen - 28 November, 2017
- Your Phone: Fake or Original ? 4 Amazing Tips to Check - 17 November, 2017