Remember that because the “bleeding heart“ overnight OpenSSLagreement? It has vulnerabilities. A group responsible for doingtechnical support for encryption protocol OpenSSL developers,found a new mystery “high-risk“ vulnerabilities. OpenSSLcomponents such as Apache and Nginx open source networksecurity protocol used by the server, which accounted for 66% of all websites in the world. 2014 when a huge security hole was foundcalled Heartbleed, the whole world knows this little–known back-endtechnology.
Heartbleed is very dangerous, because hackers can use OpenSSL,steal data through the Web site and server, even if the data isencrypted. Specific reading of Lei feng’s network–related articles.
New OpenSSL vulnerability of nature is still unknown, but its “high risk“ qualitative has aroused people‘s concern. OpenSSL Projectteam a high-risk vulnerability is defined as, “effects of commonconfiguration vulnerabilities, such as server denial of service, servers, such as memory leaks, and remote code execution. ”
In Mandarin Chinese, which means that the vulnerability can beused for various purposes by hackers from using OpenSSL droppedthe network and server, to install malicious software on the victim‘ssystem, do anything.
Further details about the vulnerability are still unknown, OpenSSLteam don’t want to on July 9, before the bug fixing, provide anyavailable information to hackers.
Since Heartbleed, this is not the OpenSSL Project team released thefirst patch. OpenSSL Project team May have released a fix 14security patches, two of which are high-risk vulnerabilities.
Of course, not everyone hates vulnerabilities, such as the United States and the United Kingdom Government Department forOpenSSL Security Protocol was unhappy with. FBI claims that inearly June, when law enforcement and intelligence agencies in thefight against terrorism and crime, need some way to read theencrypted information.