Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

Posted by Soulskill on from the feeling-secure-is-the-biggest-bug dept.

New submitter williamyf writes "According to this article at Ars Technica, '[A] bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.' The coding error may have been present since 2005."

3 of 231 comments (clear)

  1. That reminds me by afidel · · Score: 0, Offtopic

    The Ars side widget is broken, perhaps they don't want me to see the Ars articles until they have time to approve their copies here on slashdot...

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  2. Moderation by mythosaz · · Score: 1, Offtopic

    Posting to undo moderation.

  3. Clearly this is Apple's fault by Anonymous Coward · · Score: 0, Offtopic

    No, I can't explain how, but it's pretty obvious.