Bits and Bytes -- OpenSSL Bug

Paul Rosenzweig
Wednesday, April 9, 2014, 8:00 AM

Published by The Lawfare Institute in Cooperation With Brookings

The disturbing news comes courtesy of Nicole Perlroth of the New York Times. Apparently there is a significant bug in the OpenSSL protocol that provides most of the HTTPS security on the network. Here's the lede:
The tiny padlock icon that sits next to many web addresses, suggesting protection of users’ most sensitive information — like passwords, stored files, bank details, even Social Security numbers — is broken. A flaw has been discovered in one of the Internet’s key encryption methods, potentially forcing a wide swath of websites to swap out the virtual keys that generate private connections between the sites and their customers.
It's easy to overstate the significance of these types of flaws -- the vulnerability is real, but the extent to which it has been exploited is unknown and, as yet, there is no evidence of exploitation at all. Here's a good summary of "what it means for you" from Lifehacker. And here's another one, from LastPass (the password locker I use). Whatever the ultimate ground truth, this is a pretty significant cautionary note. Me? I'm going to change some passwords.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
