June 6, 2014
After Heartbleed there were several initiatives to “secure” the bookstore. The OpenBSD team, for example, went to work on the LibreSSL fork to try to purge all bugs from the original library. Other researchers have looked for more flaws directly in the code, and have discovered several more vulnerabilities that have just been fixed.
The first, the most serious, would allow an attacker to execute a man-in-the-middle attack and read the data from a secure connection. All you would need is to inject a message during the handshake process between the two clients that are establishing a secure connection.
via Even more serious vulnerabilities are discovered in OpenSSL.
[+] Videos de nuestro canal de YouTube