OpenSSL, a technology that’s widely used to encrypt web sessions, has another major vulnerability. It’s not quite as severe as the Heartbleed flaw that got everyone so panicky a couple months back, but it’s serious enough to warrant some urgent patching and it could particularly affect Android(s goog) users.
The new flaw was revealed by the OpenSSL Foundation on Thursday after it was tipped off by researcher Masashi Kikuchi of Japanese security firm Lepidum. It allows so-called man-in-the-middle (MITM) attacks – in other words, if someone can get in between the user and the supposedly secure web service that person is trying to use, the interloper can pose as the web service and intercept, decrypt and manipulate the data being sent, without leaving a trace.
The Heartbleed flaw, by way of comparison, allowed anyone on the internet to tap into the targeted server’s memory in order to scoop up traffic…
View original post 227 more words