A security flaw named Heartbleed was discovered within the last week in OpenSSL. Its ramifications are wide-reaching because versions of OpenSSL are used in many Unix-like operating systems, including Solaris, Linux, Mac OS X and BSD-based systems. It allows attackers access to the systems that use OpenSSL. This affects World Wide Web traffic, email systems, instant messaging systems and some virtual private networks.
The flaw allows anyone on the internet to read memory on systems using OpenSSL if they know how to exploit it. This allows them to read not only the encryption key but also usernames, passwords and the content of the data sent between the systems.
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) allow systems to communicate securely across the internet by encrypting the data sent between them. Data is encrypted by the sending system before it is sent, and the receiving system deciphers it after it is received. The two systems share the same encryption key, which tells the receiving system how to decipher the encrypted data. This key is shared before the communication session starts. Any vulnerability like Heartbleed compromises the security of these communications.
There is a fix for this vulnerability which is being implemented by the various users of OpenSSL.
Back in the good old days of MS-DOS and other early personal computers, viruses and security concerns were almost non-existent. But today, with an ever-expanding world of network-connected devices, security is an issue that can't be ignored. The only real way to completely secure against security leaks is to avoid connecting systems to the internet, which today is not feasible. We are too dependent on the ability to connect.
For more information see eWeek's article and also www.heartbleed.com.
via Examiner National Edition Gadgets & Tech Channel Articles http://ift.tt/1kS0PIg