OpenSSL Finds and Fixes 7 New Security Flaws

http://www.eweek.com/security/openssl-finds-and-fixes-7-new-security-flaws.html

The Internet Storm Center (ISC SANS) ranks two of the newly patched flaws as critical. One, identified as CVE-2014-0224, is an SSL man-in-the-middle (MITM) vulnerability that could have a widespread, critical impact. In an MITM attack, the attacker is able to intercept encrypted messages sent between secured endpoints and decrypt the message.

“An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS [Secure Sockets Layer/Transfer Layer Security] clients and servers,” OpenSSL warns in its advisory. “This can be exploited by a man-in-the-middle attack where the attacker can decrypt and modify traffic from the attacked client and server.”

Security Advisory
http://www.ubuntu.com/usn/usn-2232-1/
http://www.debian.org/security/2014/dsa-2950
https://rhn.redhat.com/errata/RHSA-2014-0625.html

Hi jhkmaster,
These OpenSSL flaws are starting to be a worry.
I’ve always relied on SSL to provide privacy & security, especially now we know the NSA is snooping on us all.
… Not looking good!