Emerging Threats

Be Still My Bleeding Heart: The latest OpenSSL vulnerability is nothing to worry about

Authored by a Symantec employee


On March 19th, 2015, website developers who use OpenSSL learned of several bugs, including a severe bug that could allow hackers to render a webserver or website unavailable to users.

A security suite that helps protect your devices.

Free security software just doesn’t have the resources to keep up with new threats as they emerge. That’s why you need a multi-layered defense to security. Meet Norton Security Premium — protection for up to 10 of your devices.

What is OpenSSL?

The “Open” in OpenSSL means that any developers can work on the code in the project. The SSL refers to secure sockets layer, which is a form of security built into a web browser that is used to encrypt and decrypt data being sent across the web.

How does this affect me?

Luckily, this exploit has not been seen in the wild, however, if the vulnerability is exploited, it can take down both the client and server via a Denial of Service (DoS) attack, which is a malicious attempt to make a service unavailable to users.

At this point, it is a race between web developers to patch their systems, and cybercriminals to exploit the vulnerability. Fortunately, this is a very small window of opportunity, as OpenSSL has released the patches for the developers today. It's not likely hackers will target consumers, but it is possible.

This vulnerability is not the first type we have seen with OpenSSL and will probably not be the last. Heartbleed, hit hard in April of last year, which could allow attackers to intercept secure communications and steal sensitive information. Four months later, a vulnerability known as POODLE was found in an older version of SSL, & SSL 3.0. Earlier this month, the vulnerability dubbed FREAK was discovered, which could enable attackers to use man-in-the-middle (MITM) attacks and capture and decrypt communications between affected clients and servers.

Our best protection. One low price

Norton Security Premium helps protect up to 10 of your Windows PCs, Macs, Android smartphones or your iPads.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.