Go to Intelligence page Intelligence
Go to Investing page Investing
Go to Innovations page Innovations
Go to Impact page Impact
Go to Two Takes page Two Takes
Go to Two Takes page
Go to Intelligence page Intelligence
Go to Investing page Investing
Go to Innovations page Innovations
Go to Impact page Impact
Two Takes View TECHi Stance

Hackers can now see private discussions thanks to an OpenSSL bug

TECHi's Author Jesseb Shiloh
Opposing Author Arstechnica Read Source Article
Last Updated
Arstechnica
Arstechnica View all Arstechnica Two Takes by TECHi Read the original story Published June 6, 2014
TECHi's Take
Jesseb Shiloh
Jesseb Shiloh
  • Words 99
  • Estimated Read 1 min

The world hasn’t yet recovered from the Heartbleed vulnerability in OpenSSL and now there’s news of a new bug affecting the popular open-source security package. This recently announced, and already patched, exploit could allow an attacker to see and modify traffic between an OpenSSL client and an OpenSSL server. This sounds worse than it really is. The extent of the issue is extremely limited because we’re talking about specific versions of OpenSSL server. Plus, you need to be using that same server software on a client application, and the attack itself is quite a complicated affair.

Arstechnica

Arstechnica

  • Words 135
  • Estimated Read 1 min
Read Article

A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by the transport layer security (TLS) protocol, the Internet’s most widely used method for encrypting traffic traveling between end users and servers. The TLS bypass exploits work only when traffic is sent or received by a server running OpenSSL 1.0.1 and 1.0.2-beta1, maintainers of the open-source library warned in an advisory published Thursday. The advisory went on to say that servers running a version earlier than 1.0.1 should update as a precaution. The vulnerability has existed since the first release of OpenSSL, some 16 years ago. Library updates are available on the front page of the OpenSSL website. People who administer servers running OpenSSL should update as soon as possible.

Source

NOTE: TECHi Two-Takes are the stories we have chosen from the web along with a little bit of our opinion in a paragraph. Please check the original story in the Source Button below.

Balanced Perspective

TECHi weighs both sides before reaching a conclusion.

TECHi’s editorial take above outlines the reasoning that supports this position.

More Two Takes from Arstechnica

Apple won’t be announcing its television service next week after all
Apple won’t be announcing its television service next week after all
Brian
Brian

Those of you who have been anticipating the announcement of Apple's long-rumored subscription television service should prepare yourselves for disappointment.…

Kyocera is being sued by Microsoft for infringing on Android patents
Kyocera is being sued by Microsoft for infringing on Android patents
Scarlett
Scarlett

Despite being a direct competitor in the mobile market, Microsoft actually owns quite a few Android patents and isn't afraid…

Maybe default encryption for Android wasn’t such a good idea
Maybe default encryption for Android wasn’t such a good idea
Carl
Carl

While Android has supported disk encryption for a while now, Android 5.0 is the only version that implements it by…

The FCC has approved America’s strongest-ever net neutrality rules
The FCC has approved America’s strongest-ever net neutrality rules
Carl
Carl

The strongest net neutrality rules that the United States has ever seen were approved by the FCC in a highly-anticipated…