Authored by a Symantec employee
On March 19th, 2015, website developers who use OpenSSL learned of several bugs, including a severe bug that could allow hackers to render a webserver or website unavailable to users.
What is OpenSSL?
The “Open” in OpenSSL means that any developer can work on the code in the project. The “SSL” refers to Secure Sockets Layer, which is a form of security built into a web browser that is used to encrypt and decrypt data being sent across the web.
How does this affect me?
Luckily, this exploit has not been seen in the wild. However, if the vulnerability is exploited, it can take down both the client and server via a Denial of Service (DoS) attack, which is a malicious attempt to make a service unavailable to users.
At this point, it is a race between web developers to patch their systems, and cybercriminals to exploit the vulnerability. Fortunately, this is a very small window of opportunity, as OpenSSL has released the patches for the developers today. It's not likely hackers will target consumers, but it is possible.
This is not the first vulnerability of this type we have seen in OpenSSL, and it will probably not be the last. Heartbleed, which could allow attackers to intercept secure communications and steal sensitive information, hit hard in April of last year. Four months later, a vulnerability known as POODLE was found in an older version of SSL, SSL 3.0. Earlier this month, the vulnerability dubbed FREAK was discovered, which could enable attackers to use man-in-the-middle (MITM) attacks to capture and decrypt communications between affected clients and servers.