Heartbleed-Weary Tech Firms Show OpenSSL A Little Love

Erika Morphy | Linux Insider | May 30, 2014

A new attack vector has been identified, causing renewed distress over the difficulty of coming up with a Heartbleed cure. Coincidentally, the latest threat information comes just as a group of tech companies announced a new effort to shore up OpenSSL security. A coding error in OpenSSL, which is widely used but pathetically undersupported, led to the Heartbleed debacle.

Remember Heartbleed? Several weeks ago, the exposure of this security bug chilled the Internet, highlighting once again that even the seemingly unbreakable can be hacked. In the case of the Heartbleed vulnerability, encrypted data was at risk of theft. Sites potentially vulnerable to Heartbleed urged users to change their passwords. They ranged from Canada's Revenue Agency to Amazon Web Services to Yahoo to Reddit.

Although angst waned following the launch of a massive initiative to patch the vulnerabilities that could permit malware attacks, Heartbleed has emerged from its bunker.Luis Grangeia, security services manager at SysValue, this week identified a new attack vector that opens wireless routers and Android devices to infiltration. In this case, the attack is carried out via WiFi, targeting both the client and the server...