March 2, 2016 by David Ellis
http://img.techxplore.com/newman/csz/news/800/2014/sixmorebugsf.jpg
New bugs in the code for OpenSSL. Credit: Flickr/Guilherme Tavares, CC BY-NC
One of the world's most common security software packages – used as the basis of protection for many web browsers – has been found to be vulnerable to a specific form of attack, according to research led by the University of Adelaide.
OpenSSL provides encryption protection for a range of applications on most types of computers and is similar to the encryption packages used by the web browsers Google Chrome (BoringSSL) and Firefox (Mozilla's Network Security Service (NSS)).
Dr Yuval Yarom, Research Associate at the University of Adelaide's School of Computer Science, says he and colleagues Daniel Genkin (Tel Aviv University) and Dr Nadia Heninger (University of Pennsylvania) have discovered that OpenSSL is vulnerable to a type of attack known as a "side channel attack".
Full Article
Userlevel 7
The important aspect of this article is this vulnerabilities has been found, now these browsers need to be patched asap. Good heads up by Dr Yuval Yarom
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.