It seems that ever since the Heartbleed bug was published earlier this spring, OpenSSL just hasn't been able to catch a break. Today, it was announced that seven additional vulnerabilities had been discovered affecting OpenSSL 0.9.8, 1.0.0, 1.0.1, and 1.0.2 (meaning all versions, basically).
At least one of the bugs, a man-in-the-middle attack referred to as CCS injection (detailed here and here), has been dubbed "serious" by the team.
The Internet has been abuzz over the recently discovered Heartbleed bug. If you're not already familiar, Heartbleed is a vulnerability in the OpenSSL software library that allows an attacker to steal data directly from the memory space of an application and learn the private keys used to keep data securely encrypted as it travels over the Internet. The implications of this kind of leak are certainly severe, and it has everybody rushing to either install updates that fix the bug or implement workarounds to disable it.