“OpenSSL Patch Now Undisclosed at High Severity Vulnerability this Thursday”
System Admin and anyone relying on OpenSSL should be done to switch to the newer version of the open-source cryptography library that will be launched or released on this Thursday 9th July.
OpenSSL is an widely open-source tool that library provides encrypted connection with an Internet using SSL/TLS for majority of websites, as well as other secure services.
The Latest version of OpenSSL crypto library, version 1.0.2d and 1.0.1p, address a single security vulnerability classified as “High Severity” the OpenSSL Project Team has Announced on Monday.
They Announced high alert has got the nearly entire industry talking because of 2014 version OpenSSL-Heartbleed connection. At the 2014 Codenomicon, the security engineers found a bug that would give attacker an access to all of your personal passwords, but that is will not be the end of story, the bug could allow attacker to trick the user into using fake versions of popular websites (Phishing).
That bug was then called Heartbleed
. It affected most of the Internet.
The IT security and risk strategy at the advanced threat protection firm Tripwire says:”A huge part of the heartburn with Heartbleed came from the scramble to identify where organizations were vulnerable and how to apply patches. In this case, a little organization can go a long way to a smoother patching cycle”.
Heartbleed, discovered in April last year, was a bug in an earlier version of OpenSSL that allowed hackers to read sensitive contents of victims’ encrypted data, including credit card details and even steal crypto SSL keys from Internet servers or client software.
Erlin further said “Software vendors who use OpenSSL can be prepared to patch their code and shop new versions faster, and end-users can inventory where they have OpenSSL and set up appropriate testing environments ahead of time”.