OpenSSL Patches Eight New Vulnerabilities
itwbennett writes: Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks. Although the flaws are only of moderate and low severity, "system administrators should plan to upgrade their running OpenSSL server instances in the coming days," said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7.
OpenSSL was written by a bunch of monkeys who either didn't understand security, didn't give a shit about security, or were NSA agents pretending to be dumb and careless.
Their source code looks like a fucking regurgitated hairball, pages after pages of deeply nested spaghetti if/else that requires hours/days to scroll up and down, switch back and forth between files just to understand what a small section does. That makes it nearly impossible for people to provide patches because by the time they understand half of the code they are already burnt out and have lost interest.
Fuck OpenSSL, it is now nothing more than a project run by burnt out programmers who don't give a shit and will only add even more shit to it to earn a paycheck, and whatever "bugs" they fix, you can bet the NSA is still sitting on a pile of 10-year-old bugs and exploits.
Switch to LibreSSL, simply because it is developed by people who have standards and care about reputation.