Your OpenSSL Web Server Is Fscked (and EU/data collection)

Good news: The EU’s highest court just ruled NSA/GCHQ-style preemptive mass surveillance is illegal: http://www.reuters.com/article/2014/04/08/us-eu-data-ruling-idUSBREA370F020140408

Bad news: roughly 65% of web servers run OpenSSL, and any of them on OpenSSL 1.0.1 through 1.0.1f (or a 1.0.2 beta) are wide open to the TLS heartbeat bug now known as Heartbleed (CVE-2014-0160). How wide open? Wide open as in, “an unauthenticated client can read up to 64 KB of the server process’s memory per request, repeat the request as often as it likes, and pull out whatever happens to be sitting there: the ultra-secret private key, session cookies, passwords, documents being served.” Older 0.9.8 and 1.0.0 builds are not affected. The fix is OpenSSL 1.0.1g (or a rebuild with -DOPENSSL_NO_HEARTBEATS), and since the key may already have walked out the door, patching means reissuing the certificate and revoking the old one, not just restarting the daemon.
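What the missing check looks like, as an added example that is neither OpenSSL’s code nor part of the original post: a stand-alone C simulation modelled on the advisory’s description (the peer-supplied 2-byte heartbeat payload length was copied back without being compared to the length of the record that actually arrived) and on the bounds check added in 1.0.1g. process_heartbeat, build_sample, leaks_secret, honest_response_len, the 21-byte sample record and the SECRET string are all constructed here; the “memory after the record” is just the rest of one local byte array, so the demo never reads outside its own buffer.

```c
#include <stdio.h>
#include <string.h>

/* Values from the TLS heartbeat extension (RFC 6520). */
#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* minimum padding a heartbeat message carries */

/* Constructed stand-in for whatever sits in process memory right after
 * the record buffer (a private key, a session cookie, ...). */
static const unsigned char SECRET[] = "SECRET-KEY-MATERIAL";

/* Build a heartbeat response from rec[0..rec_len) into out.
 * Returns the response length, or -1 if the record is discarded.
 * check_bounds == 0 mirrors the 1.0.1f logic: the 2-byte payload length
 * supplied by the peer is trusted and memcpy'd without comparing it to
 * how many bytes actually arrived. check_bounds == 1 applies the checks
 * added in 1.0.1g. (Assumed simplification of the real code path.) */
int process_heartbeat(const unsigned char *rec, size_t rec_len,
                      unsigned char *out, size_t out_cap, int check_bounds)
{
    /* 1.0.1g: a record too short for type + length + padding is dropped */
    if (check_bounds && (size_t)(1 + 2 + HB_PADDING) > rec_len)
        return -1;
    if (rec_len < 3)                      /* demo guard; sample is always longer */
        return -1;

    unsigned char hbtype = rec[0];
    unsigned int payload = ((unsigned int)rec[1] << 8) | rec[2]; /* n2s() */
    const unsigned char *pl = rec + 3;

    /* 1.0.1g: the claimed payload length must fit inside the record */
    if (check_bounds && 1 + 2 + payload + HB_PADDING > rec_len)
        return -1;                        /* silently discard */

    if (hbtype != TLS1_HB_REQUEST)
        return -1;

    size_t resp_len = 1 + 2 + (size_t)payload + HB_PADDING;
    if (resp_len > out_cap)
        return -1;

    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    /* Without the check above, a claimed length larger than the real
     * payload copies whatever lies past the record back to the peer. */
    memcpy(out + 3, pl, payload);
    memset(out + 3 + payload, 0, HB_PADDING); /* real code uses random padding */
    return (int)resp_len;
}

/* Lay out a heartbeat request carrying 2 real payload bytes that *claims*
 * claimed_len payload bytes, followed immediately by SECRET.
 * Returns the real record length. (Constructed sample, not captured traffic.) */
size_t build_sample(unsigned char *mem, size_t cap, unsigned int claimed_len)
{
    size_t rec_len = 1 + 2 + 2 + HB_PADDING;   /* 21 bytes actually "sent" */
    memset(mem, 0, cap);
    mem[0] = TLS1_HB_REQUEST;
    mem[1] = (unsigned char)(claimed_len >> 8);
    mem[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(mem + 3, "hi", 2);                  /* the 2 real payload bytes */
    memcpy(mem + rec_len, SECRET, sizeof SECRET);
    return rec_len;
}

/* Returns 1 if the reply to an over-claimed request (64 bytes claimed,
 * 2 sent) contains SECRET, 0 otherwise. */
int leaks_secret(int check_bounds)
{
    unsigned char mem[256], out[256];
    size_t rec_len = build_sample(mem, sizeof mem, 64);
    int n = process_heartbeat(mem, rec_len, out, sizeof out, check_bounds);
    if (n < 0)
        return 0;
    size_t slen = strlen((const char *)SECRET);
    for (size_t i = 0; i + slen <= (size_t)n; i++)
        if (memcmp(out + i, SECRET, slen) == 0)
            return 1;
    return 0;
}

/* An honest request (claimed == real length) is answered normally by
 * both versions; returns the response length. */
int honest_response_len(int check_bounds)
{
    unsigned char mem[256], out[256];
    size_t rec_len = build_sample(mem, sizeof mem, 2);
    return process_heartbeat(mem, rec_len, out, sizeof out, check_bounds);
}

int main(void)
{
    printf("1.0.1f logic leaks secret: %d\n", leaks_secret(0));
    printf("1.0.1g logic leaks secret: %d\n", leaks_secret(1));
    printf("honest request reply length: %d\n", honest_response_len(1));
    return 0;
}
```

Build with `cc -std=c99 -Wall heartbeat_demo.c` and run it. The length field is 16 bits, which is where the “up to 64 KB per request” comes from; the peer chooses that number, the server never checks it against what it received, and each request returns a fresh slice of whatever the allocator put next to the record. That is why the right response is to assume the key is gone, not just to upgrade.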

In other words, so wide open that this is the official* security advisory issued by OpenSSL: http://goatse.ch/

(NOT SAFE FOR WORK)
(OR SMALL CHILDREN)
(OR ANYONE, REALLY)

* not actually

http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
https://www.openssl.org/news/secadv_20140407.txt
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743883
http://heartbleed.com/
