Oh hell. Is this the *same* bug that just broke in Apple code last week?
Cheers, -- jra ----- Forwarded Message ----- > From: "PRIVACY Forum mailing list" <priv...@vortex.com> > To: privacy-l...@vortex.com > Sent: Tuesday, March 4, 2014 3:17:43 PM > Subject: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds of apps > open to eavesdropping > Critical crypto bug leaves Linux, hundreds of apps open to > eavesdropping > > http://j.mp/1jPcVOr (Ars Technica) > > "Hundreds of open source packages, including the Red Hat, Ubuntu, and > Debian distributions of Linux, are susceptible to attacks that > circumvent the most widely used technology to prevent eavesdropping on > the Internet, thanks to an extremely critical vulnerability in a > widely used cryptographic code library. The bug in the GnuTLS library > makes it trivial for attackers to bypass secure sockets layer (SSL) > and Transport Layer Security (TLS) protections available on websites > that depend on the open source package. Initial estimates included in > Internet discussions such as this one indicate that more than 200 > different operating systems or applications rely on GnuTLS to > implement crucial SSL and TLS operations, but it wouldn't be > surprising if the actual number is much higher. Web applications, > e-mail programs, and other code that use the library are vulnerable to > exploits that allow attackers monitoring connections to silently > decode encrypted traffic passing between end users and servers. The > bug is the result of commands in a section of the GnuTLS code that > verify the authenticity of TLS certificates, which are often known > simply as X509 certificates." > > - - - > > --Lauren-- > Lauren Weinstein (lau...@vortex.com): http://www.vortex.com/lauren > Co-Founder: People For Internet Responsibility: > http://www.pfir.org/pfir-info > Founder: > - Network Neutrality Squad: http://www.nnsquad.org > - PRIVACY Forum: http://www.vortex.com/privacy-info > Member: ACM Committee on Computers and Public Policy > Lauren's Blog: http://lauren.vortex.com > Google+: http://google.com/+LaurenWeinstein > Twitter: http://twitter.com/laurenweinstein > Tel: +1 (818) 225-2800 / Skype: vortex.com > _______________________________________________ > privacy mailing list > http://lists.vortex.com/mailman/listinfo/privacy -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
