Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 23 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Two "high" severity bugs patched in OpenSSL

by The Gurus
March 19, 2015
in Editor's News
patch
Share on FacebookShare on Twitter

New bugs have been discovered in OpenSSL, a year on from the announcement of the Heartbleed flaw.
Described as a high severity flaw, the advisory said that one “high” severity flaw exists if a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, then a “NULL pointer dereference” will occur. This can be exploited in a denial of service attack against the server.
In the second flaw, which was raised from “low” to “high”, and affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. It was originally classified low as it was originally thought that server RSA export ciphersuite support was rare, however recent studies have shown that RSA export ciphersuites support are far more common.
The advisory said: “A client was only vulnerable to a man in the middle attack against a server which supports an RSA export ciphersuite.”
Trey Ford, global security strategist at Rapid 7, said that the highest severity issue (a crash via NULL pointer dereference) only affects version 1.0.2, yet many users are still on versions 0.9.8 and 1.0.1. “We expect to see corresponding attack code quickly built by those reverse engineering the published patches – steps to push these fixes to internet exposed systems should be prioritized. Export ciphers are overdue for retirement, and organisations using them should looks for ways to upgrade to more stringent encryption standards,” he said.
Andy Manoske, senior product manager at AlienVault, said: “Exploiting Heartbleed yielded extremely sensitive cryptographic information. But utilizing that information to violate a target and steal information required at least some knowledge of cryptography and programming. An exploit to DoS SSL servers could likely be built into a quick attack tool and used by attackers with minimal technical skills.”
Also released were nine patches rated as “moderate”, and two rated as “low”.

FacebookTweetLinkedIn
Tags: FlawHeartbleedHTTPSOpenSSLSSL
ShareTweetShare
Previous Post

Google introduce Play app verification rules

Next Post

Greatfire website under massive DDoS

Recent News

chinese flag

Chinese hackers caught spying on Russian defence institutes

May 23, 2022
doge coin

Cryptocurrency scammers use Elon Musk deep fake

May 23, 2022
hacker using computer

Conti ransomware group disbands

May 20, 2022
Xerox Corporation victim of Maze ransomware

Who is UNC1756 – the hacker threatening Costa Rica?

May 19, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information