A wee little Linux bug
Subject: General Tech | March 5, 2014 - 02:47 PM | Jeremy Hellstrom
Tagged: linux, security
It would seem that there is a fairly problematic bug in the way that GnuTLS library applies encryption for many Linux users. According to the story on The Inquirer this bug could allow an improperly setup certificate to be reported as valid and while your connection states it is secure it will not in fact be encrypted. Red Hat has already issued a patch to solve this problem but the vulnerability would apply to any distro which uses the GnuTLS library. It would be wise to follow the link from the story to locate a patch for your system before attackers start using it in the wild.
"THOUSANDS OF LINUX USERS might be vulnerable to hackers after it emerged that a significant certificate checking bug exists in a low level library.
The problem stems from the GnuTLS library that provides an API to enable SSL, TLS and DTLS encryption protocols, as used particularly by web servers."
Here is some more Tech News from around the web:
- Microsoft's Attempt To Convert Users From Windows XP Backfires @ Slashdot
- How to Install the LTSI-3.10 Kernel on Raspberry Pi and MinnowBoard @ Linux.com
- HTC One 2 release date, specs, rumours and price @ The Inquirer
- New 4G router pitched at biz bods sick to death of titsup networks @ The Register
- ASUS USB-AC56 & PCE-AC68 Dual-Band Wireless AC Adapters Review @HiTech Legion