Fwd: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Jay Ashworth jra at baylink.com
Wed Mar 5 03:07:56 UTC 2014


Oh hell.

Is this the *same* bug that just broke in Apple code last week?

Cheers,
-- jra

----- Forwarded Message -----
> From: "PRIVACY Forum mailing list" <privacy at vortex.com>
> To: privacy-list at vortex.com
> Sent: Tuesday, March 4, 2014 3:17:43 PM
> Subject: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
> 
> Critical crypto bug leaves Linux, hundreds of apps open to
> eavesdropping
> 
> http://j.mp/1jPcVOr (Ars Technica)
> 
> "Hundreds of open source packages, including the Red Hat, Ubuntu, and
> Debian distributions of Linux, are susceptible to attacks that
> circumvent the most widely used technology to prevent eavesdropping on
> the Internet, thanks to an extremely critical vulnerability in a
> widely used cryptographic code library. The bug in the GnuTLS library
> makes it trivial for attackers to bypass secure sockets layer (SSL)
> and Transport Layer Security (TLS) protections available on websites
> that depend on the open source package. Initial estimates included in
> Internet discussions such as this one indicate that more than 200
> different operating systems or applications rely on GnuTLS to
> implement crucial SSL and TLS operations, but it wouldn't be
> surprising if the actual number is much higher. Web applications,
> e-mail programs, and other code that use the library are vulnerable to
> exploits that allow attackers monitoring connections to silently
> decode encrypted traffic passing between end users and servers. The
> bug is the result of commands in a section of the GnuTLS code that
> verify the authenticity of TLS certificates, which are often known
> simply as X509 certificates."
> 
> - - -
> 
> --Lauren--
> Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
> Co-Founder: People For Internet Responsibility:
> http://www.pfir.org/pfir-info
> Founder:
> - Network Neutrality Squad: http://www.nnsquad.org
> - PRIVACY Forum: http://www.vortex.com/privacy-info
> Member: ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Google+: http://google.com/+LaurenWeinstein
> Twitter: http://twitter.com/laurenweinstein
> Tel: +1 (818) 225-2800 / Skype: vortex.com
> _______________________________________________
> privacy mailing list
> http://lists.vortex.com/mailman/listinfo/privacy

-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274



