Fwd: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
Jay Ashworth
jra at baylink.com
Wed Mar 5 03:07:56 UTC 2014
Oh hell.
Is this the *same* bug that just broke in Apple code last week?
Cheers,
-- jra
----- Forwarded Message -----
> From: "PRIVACY Forum mailing list" <privacy at vortex.com>
> To: privacy-list at vortex.com
> Sent: Tuesday, March 4, 2014 3:17:43 PM
> Subject: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
>
> Critical crypto bug leaves Linux, hundreds of apps open to
> eavesdropping
>
> http://j.mp/1jPcVOr (Ars Technica)
>
> "Hundreds of open source packages, including the Red Hat, Ubuntu, and
> Debian distributions of Linux, are susceptible to attacks that
> circumvent the most widely used technology to prevent eavesdropping on
> the Internet, thanks to an extremely critical vulnerability in a
> widely used cryptographic code library. The bug in the GnuTLS library
> makes it trivial for attackers to bypass secure sockets layer (SSL)
> and Transport Layer Security (TLS) protections available on websites
> that depend on the open source package. Initial estimates included in
> Internet discussions such as this one indicate that more than 200
> different operating systems or applications rely on GnuTLS to
> implement crucial SSL and TLS operations, but it wouldn't be
> surprising if the actual number is much higher. Web applications,
> e-mail programs, and other code that use the library are vulnerable to
> exploits that allow attackers monitoring connections to silently
> decode encrypted traffic passing between end users and servers. The
> bug is the result of commands in a section of the GnuTLS code that
> verify the authenticity of TLS certificates, which are often known
> simply as X509 certificates."
>
> - - -
>
> --Lauren--
> Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
> Co-Founder: People For Internet Responsibility:
> http://www.pfir.org/pfir-info
> Founder:
> - Network Neutrality Squad: http://www.nnsquad.org
> - PRIVACY Forum: http://www.vortex.com/privacy-info
> Member: ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Google+: http://google.com/+LaurenWeinstein
> Twitter: http://twitter.com/laurenweinstein
> Tel: +1 (818) 225-2800 / Skype: vortex.com
> _______________________________________________
> privacy mailing list
> http://lists.vortex.com/mailman/listinfo/privacy
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274