Skip to main content

Hacker claim about bug in fixed OpenSSL likely a scam

posted onApril 28, 2014
by l33tdawg

Security experts have expressed doubts about a hacker claim that there’s a new vulnerability in the patched version of OpenSSL, the widely used cryptographic library repaired in early April.

A group of five hackers writes in a posting on Pastebin that they worked for two weeks to find the bug and developed code to exploit it. They’ve offered the code for the price of 2.5 bitcoins, around US$870.

A new flaw in OpenSSL could pose just as much of a threat as Heartbleed did. But the hackers’ claim was met with immediate suspicion on Full Disclosure, a forum for discussing vulnerability reports. One commentator, Todd Bennett, wrote the technical description of their claim is “rather extraordinary.” The open-source OpenSSL code is used by millions of websites to create encrypted communications between client computers and servers. The flaw disclosed in early April, nicknamed “Heartbleed,” can be abused to reveal login credentials or a server’s private SSL key.

Source

Tags

Security SSL

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th