+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The team that discovered Heartbleed has found another 'high severity' security flaw affecting the internet

Jul 7, 2015, 18:16 IST

Sink hole in ChinaReuters Photos

A team of developers responsible for supporting a commonly used encryption protocol known as OpenSSL has uncovered a mysterious new "high severity" vulnerability.

Advertisement

OpenSSL is a security protocol used by open source web servers such as Apache and Nginx - which host around 66% of all the world's sites.

The backend technology hit the headlines in 2014 when a massive security flaw, codenamed Heartbleed, was uncovered.

The flaw was dangerous as it could be exploited by hackers to steal data, even if it was encrypted, from sites and services using OpenSSL.

The nature of the new OpenSSL flaw remains unknown, though the high severity ranking given to it by the project has caused concerns.

Advertisement

The OpenSSL project classifies high severity bugs as "issues affecting common configurations which are also likely to be exploitable [hackable]. Examples include a server denial-of-service, a significant leak of server memory, and remote code execution."

In non-technical language, this means the bug could be used for a range of purposes by hackers, varying from basic nuisance attacks that knock websites and services using OpenSSL offline, to installing malware on victim systems.

Further details about the vulnerability remain unknown, as OpenSSL doesn't want to provide hackers with information they could use to exploit the flaw ahead of its July 9 fix.

This isn't the first major fix released by the OpenSSL Project since Heartbleed. The OpenSSL project released another security update patching 14 vulnerabilities, two of which were also high severity, in May.

The news follows hostility from US and UK government departments to secure services like OpenSSL.

Advertisement

James Comey, director of the Federal Bureau of Investigation (FBI) claimed law enforcement and intelligence agencies need ways to read encrypted traffic if they hope to combat terrorism and crime, earlier in June.

NOW WATCH: How to use Google Maps when you have no phone service

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article