Open SSL is an open-source Secure Sockets Layer library that is used by many secure web site. OpenSSL puts the “S” into HTTPS, and provides secure, encrypted communications for password protected websites, such as ecommerce, social media, and email services. The proof of concept exploit was able to expose several thousand Yahoo user names and passwords, in a recent demonstration by a security consulting firm.
Are you at risk? Yes you are, but this does not mean that you have lost anything yet, or that you need to go out and do another round of password changes. The good news is that there is already a fix available. The bad news is that there is nothing you can do about it, this update needs to be applied to affected web servers by the web service operators.
According to a report in the Washington Post, only 4-6% of web servers are affected, and the number is dropping as patches are applied. For a more technical discussion of this issue, please see the article on Sophos.
Share
APR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com