tuxgeo
Adventurer
The news about OpenSSL is bad: the programming of version 1.01 (that was released in March, 2012) failed to include a needed bounds check. If exploited, this loophole could allow hackers to scrape data from vulnerable servers, from user names to e-mail addresses to passwords, and even up to and including the servers' own Certificates of Authenticity. Yahoo was affected and vulnerable, but appears to have applied patches by now. (Edit: Such hacking attacks don't leave any traces.)
Link on Ars Technica.
Patched versions (1.0.1g) are being issued by various providers, and have been issued by some.
Edit: Initial advice is to avoid doing things that require secure connections for a few days until patches are in place.
Link on Ars Technica.
Patched versions (1.0.1g) are being issued by various providers, and have been issued by some.
Edit: Initial advice is to avoid doing things that require secure connections for a few days until patches are in place.
Last edited: