The security issue related to OpenSSL has been all over the news in the last couple of days.
It is indeed a very bad issue, one that can let an attacker access the login details, including passwords, of registered users from vulnerable Websites/Servers. Yahoo mail, was one of those sites…out of nearly a million others!
This vulnerability has been around for 2 years, it affects servers usingOpenSSL 1.0.1 through 1.0.1f (inclusive).
Those servers could be running consumer websites or other applications. For example, the Network Security Monitoring suit: Security Onion, was vulnerable until yesterday when a security fix/update was released. The same applies to the Penetration Testing platform Kali 1.06, which was vulnerable until today!
If those applications/environments were internet facing, userids and passwords may have been compromised in the last 2 years.
This issue allows the attacker to access the memory of a vulnerable server, it means that ...
>>[READ MORE]