Wednesday, April 9, 2014

Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

I wanted to point you to an interesting security flaw floating around the news this morning:
Researchers have discovered an extremely critical defect in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data. (Source: Arstechnica)
The full article can be read on

From my research, Google updated all their openssl to protect this vulnerability on March 12th and gmail is safe. (Source: WSJ)