Slashdot Mirror


Major OpenSSL Security Issue Found (and Fixed)

tearmeapart writes "A major security issue has been found in all OpenSSL packages. You probably want to download your preferred OpenSSL package as soon as possible. Changes to the CVS repository are detailed on the OpenSSL timeline."

1 of 78 comments (clear)

  1. Re:Anyone want to translate this into dummy speak? by swillden · · Score: 5, Interesting

    I guess my other question is, how can the most utilized utility on a system still have unchecked overflows?

    Have you ever looked at the OpenSSL code? It could have the Ark of the Covenant hidden in all that mess somewhere for all we know and we'd never find it.

    No kidding. I've seen a lot of horrible messes in my career, but OpenSSL tops them all. There have to be hundreds of serious security bugs lurking in there... the only thing saving us is that it's so nasty not even the black hats want to dig in there to find them. Good security code should be as simple and straightforward as possible, to make it easy to verify. The authors of OpenSSL took a... different approach.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.