Many people know about the OpenSSL protocol, which allows for encrypted website usage. Unfortunately, this concept is not without its flaws, as three major vulnerabilities were patched earlier this week. Security support for the older version will expire on December 31. The new update mainly addressed a critical DDoS bug
OpenSSL Patch Addresses Key Concerns
The security patch issued for OpenSSL addresses one critical flaw many people were concerned about. Given the recent number of denial-of-service attacks taking place all over the world, it is evident that this attack vector needs to be addressed. As it turns out, OpenSSL was suffering from a critical DDoS bug, which is now fixed.
As part of this vulnerability, OpenSSL users were vulnerable to an attack that could corrupt larger payloads. Depending on the severity of such an attack, hackers could effectively cripple the OpenSSL service. While it is impossible to exploit it further than just the DDoS attack, the flaw had to be fixed sooner rather than later.
Other smaller issues were addressed in this new OpenSSL patch as well, although none of them was groundbreaking. Then again, having such a popular protocol suffer from these types of issues raises a lot of concern. All users are advised to upgrade to OpenSSL version 1.1.0c as soon as possible.
HTTPS encryption is quickly becoming the new norm among websites, even though there is still a very long way to go. Recent research indicated not even 50% of the top ranking websites offer HTTP connectivity, a number that is very different from what most people have come to expect.
With the new patch in place, OpenSSL is strengthening its position in the HTTPS market. Then again, individual service providers will have to update clients as soon as possible. Failing to do will result in no longer receiving official support from December 31st, onwards. The upgrade process does not take long and is not overly complicated, hence there being no valid reason not to update.
Security researchers will continue to monitor the OpenSSL protocol, and hopefully address any other vulnerabilities that may remain behind. Any widespread tool needs to be as secure as possible, and being vulnerable to DDoS attacks is the last thing anyone needs. The Internet is not a safe place, and a lot of effort is needed to at least make it viable for all users.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.