[TriLUG] Fwd: [ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Steve Holton sph0lt0n at gmail.com
Tue Mar 4 20:30:05 EST 2014


F.Y.I.



---------- Forwarded message ----------
From: Lauren Weinstein <lauren at vortex.com>
Date: Tue, Mar 4, 2014 at 3:17 PM
Subject: [ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps
open to eavesdropping
To: nnsquad at nnsquad.org



Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

http://j.mp/1jPcVOr  (Ars Technica)

    "Hundreds of open source packages, including the Red Hat, Ubuntu, and
     Debian distributions of Linux, are susceptible to attacks that
     circumvent the most widely used technology to prevent eavesdropping on
     the Internet, thanks to an extremely critical vulnerability in a
     widely used cryptographic code library.  The bug in the GnuTLS library
     makes it trivial for attackers to bypass secure sockets layer (SSL)
     and Transport Layer Security (TLS) protections available on websites
     that depend on the open source package. Initial estimates included in
     Internet discussions such as this one indicate that more than 200
     different operating systems or applications rely on GnuTLS to
     implement crucial SSL and TLS operations, but it wouldn't be
     surprising if the actual number is much higher. Web applications,
     e-mail programs, and other code that use the library are vulnerable to
     exploits that allow attackers monitoring connections to silently
     decode encrypted traffic passing between end users and servers.  The
     bug is the result of commands in a section of the GnuTLS code that
     verify the authenticity of TLS certificates, which are often known
     simply as X509 certificates."

 - - -

--Lauren--
Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility:
http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad



-- 
Steve Holton
sph0lt0n at gmail.com

