Thursday, April 10, 2014

What the Heck is the OpenSSL Vulnerability

I thought you'd never ask!

You could have looked it up on Wikipedia, but I've gone ahead and done it for you.  Here's more than you ever really wanted to know.  And if you want to earn 15 CEUs (Continuing education units) click on all the links and be ready to answer the quiz at the end of the chapter.

"OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the various open source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400).

OpenSSL is based on SSLeay by Eric Andrew Young and Tim Hudson, development of which unofficially ended on December 17, 1998, when Young and Hudson both started to work for RSA Security."  (source:  Wikipedia)

 And what's all the fuss about the Heartbleed Bug?

"Where can I get more information about Heartbleed?

TidBits has put together a set of very accessible answers to your Heartbleed questions, while also linking to a more in-depth explanation from software architect Troy Hunt. Mashable has a list of sites impacted by Heartbleed, which it promises to update as new information comes in. And of course, my colleague Ian Paul offers a good summary of what you need to know about Heartbleed." 

Thanks to TechHive and Others

Show Comments: OR