Slashdot Mirror


OpenSSL Security Vulnerability

SiliconEntity writes "On the heels of multiple OpenSSH vulnerabilities, the OpenSSL project is now reporting a number of security vulnerabilities of its own. OpenSSL is a standard cryptographic library used in a wide variety of security applications. The new vulnerabilities range from denial-of-service attacks to stack corruption, which imply the possibility of running malicious code. New versions of the software are released today which address the vulnerabilities."

9 of 245 comments (clear)

  1. Got the popcorn by Dancin_Santa · · Score: -1, Flamebait

    Let's get the Microsoft flamefest started!

    All software has bugs. But if you are specifically making a software package that purports to be secure, it behooves you to make sure not to release until you are ready. Looks like there were "a number" of vulnerabilities. Perhaps they should have waited?

  2. lol by Anonymous Coward · · Score: -1, Flamebait

    open source sux

  3. at least the OOS community puts out notices by dnotj · · Score: -1, Flamebait
    Unlike some other company that hides this stuff.

    Not to mention that this same company probably has the same bug because they swiped the OPENSSL code. .dn

    --
    No more Micro$oft bashing from me. Its like bashing at the special olympics.
  4. Re:No more buffer overflows with Java!! by Anonymous Coward · · Score: -1, Flamebait

    stop this java crap!!
    use a REAL language like .NET!!

  5. Re:Shh! What's that sound? by Anonymous Coward · · Score: -1, Flamebait

    You fucking cretinous prick. Theo has nothing to do with OpenSSL.

    Go back to your basement, kid.

  6. Re:pheeew by Anonymous Coward · · Score: -1, Flamebait

    You forgot the:
    $connect = "user=fuckwit";

  7. Re:the truth by codemachine · · Score: 0, Flamebait

    Either that or they're doing a heck of a lot of auditing lately. Hopefully they'll find a bunch at once, and be done with it for a while.

    But unfortunately from what I've seen from OpenSSH, it appears that we may have another sendmail/wu-ftp/bind type program in terms of security. That is not a good thing, since many services are being changed to use ssh/ssl for transport, leaving us with a single point of (in)security.

    This is sure embarassing for the OpenBSD team though. Their code is right now some of the worst in BSD land for security (although in fairness, it is mostly portable ssh that has problems. On OpenBSD, OpenSSH has much cleaner code and is much more secure).

  8. Re:phew by Anonymous Coward · · Score: -1, Flamebait

    Listen here you stick-legged mulefaced fucknugget, seeing societal rejects like you make fun of Microsoft on some lame internet forum really brightens my day.

    Also I'm really drunk and the last thing I care about at this point is entertaining you internet jackass geeks.

  9. Re:Feeling kinda good about it by Overly+Critical+Guy · · Score: 0, Flamebait

    Name a single example.

    Microsoft puts out patches immediately once a vulnerability is announced.

    --
    "Sufferin' succotash."