OpenSSL Crypto Bug Leaves Severs Open to Eavesdropping

Note: Emerging Threats, the clearinghouse infotex uses for our own IPS/IDS signatures, has already released signatures for Snort and Suricata based intrusion detection engines. You can get these signatures at emergingthreats.net.

A critical defect in the cryptographic software library used to identify severs to end users across two-thirds of the internet may be leaving millions of passwords, banking credentials, and sensitive data open to eavesdropping hackers.

The threat comes from a two-year-old bug found in OpenSSL, the default cryptographic library for Apache and nginx Web server applications. It could potentially allow a hacker to retrieve the encryption key of digital validation certificates used in authenticating servers and to encrypt data moving between server and end-user. Such an attack would not leave a single trace in the server logs, so there would be no way of knowing if one had been hacked or not.

Experts are saying that, although most similar bugs are fixed with newer versions and patches, websites may remain vulnerable to attack as they may have already been exploited. There’s no way to know if hackers already have sensitive information from the server.

Original article by Dan Goodin.
Read the full story here.