It hasn’t been that long that Heartbleed, potentially one of
the most severe bug, was recently discovered. Now there is news that another
serious bug is residing in the same OpenSSL.
The OpenSSL is one of the most vital parts of the whole
internet thing. It is the safety feature which guards our private web
communications. The reason why many number of new errors are popping out in the
OpenSSL is because, after the discovery of the infamous Heartbleed, many
volunteers are now analyzing and studying the OpenSSL code. Another background
reason is that, the OpenSSL Foundation is a tiny team programmers and it is
only recently that, they started getting additional financial help from the
companies which rely on it.
Coming back to the new found bug in OpenSSL, which some are
also calling Heartbleed 2, is over a decade old but good news is it is not as
devastating as Heartbleed. This bug actually exists in a process called
‘handshake’. All the computers and web servers start a secured conversation to
transfer data in a process called Handshake. An exploit of this reported bug
will allow the attacker who is operating between you and the website to
snoop-into your internet session and strip away the encryption, that is, he/she
can practice eavesdropping.
However, the bug has already been fixed by the OpenSSL
Foundation. The foundation has also published an advisory warning to the users
to update their SSL with the latest patches. So, it is now up to the website
servers and developers of web browser software, to update their systems. Well,
most used browser software in the desktop that is, IE, Firefox, Chrome, and
Safari are said to be safe, where as Chrome for Android and other Android based
browsers are said to be still in danger.
A Japanese researcher Masashi Kikuchi was the one who found
the reported bug. “This vulnerability allows malicious intermediate nodes to
intercept encrypted data and decrypt them while forcing SSL clients to use weak
keys which are exposed to the malicious nodes,” wrote Kikuchi in his blog post.
“The biggest reason why the bug hasn't been found for over
16 years is that code reviews were insufficient,” he further writes.
Installing comprehensive internet security software like
Norton internet security or Norton antivirus is a good step to keep your online
and offline data protected. These are easy to use, quick, reliable, and
effective data security solutions. A good thing with these is if you ever felt
the need of Norton support, then it
can be availed easily and quickly. There are few good third party companies
providing dedicated technical support like OS support, antivirus support, Dell support etc. throughout the year.
One good company among these few reliable third-party companies is
SupportBuddy.
The bottom-line is it is good that the individual
researchers are stepping up and are finding critical bugs that security
software. are existing in OpenSSL and
others. This way the internet will improve and get more secured. However, if
you still have worries about Handshake bug, then don’t use stranger’s Wi-Fi and
install effective
No comments:
Post a Comment