remember the OpenSSL agreement that made it famous overnight because of a heart bleed?. A group of developers responsible for the technical support for the cryptographic protocol OpenSSL, found a new mystery high-risk vulnerabilities.
OpenSSL is an open source web server such as Apache and Nginx used security protocols that account for 66% of the world’s Web sites. When a huge security hole named Heartbleed was discovered in 2014, the world knows little about the background technology.
Heartbleed is dangerous, because hackers can use OpenSSL, through the site and server to steal data, even if the data is encrypted. Specific circumstances can read the relevant articles Lei Feng.
The nature of the new vulnerabilities in
OpenSSL is still unknown, but the engineer’s "high risk" quality has raised concerns. OpenSSL project team will be defined as high-risk vulnerabilities, " the impact of common configuration vulnerabilities, such as server denial of service, server memory leaks and remote code execution, etc.."
Mandarin speaking, this means that the hacker vulnerabilities can be used for a variety of purposes, from the use of the OpenSSL network and server dropped, to install malware on the victim’s system, equal to anything.
Further details of
‘s vulnerability remain unknown, and the OpenSSL project team does not want to provide any available information to hackers before the July 9th bug fixes.
this is not the first patch released by the OpenSSL project team since Heartbleed. OpenSSL project team in May released a security patch to fix 14 vulnerabilities, of which two are high-risk vulnerabilities.
of course, not everyone hates loopholes, such as the United States and the British government departments are very dissatisfied with OpenSSL and other security protocols. In early June, FBI claimed that law enforcement and intelligence agencies need to take some steps to read encrypted information flow when dealing with terrorism and crime.