It seems that someone may have found a way around at least one of the latest hot fixes for OpenSSL. According to some talk around the darker places on the internet, a rehash of metadata can allow a malicious individual to get around the latest hot fix designed to stop someone from bypassing the CA check in OpenSSL. The original flaw was found to exist during certificate validation. When OpenSSL checks the certificate chain it will try to build an alternate route if the first attempt fails. Due to a flaw in the way this is done can allow a “bad guy” to actually force some of the secondary checks to be bypassed and allow an invalid cert to pass.

Over the course of the years you have read many (many, many) articles about security. These articles have ranged from details on specific breaches to general security information. One of the big areas that we cover is the lack of motivation to maintain proper security in the cloud and also on the internet. We have talked at length about the way many businesses treat security from a planning view or even in the face of a real threat.

After taking a pretty big hit from the HeartBleed bug OpenSSL I back in the new for an additional six bugs that put user data at risk. Security researchers have discovered a number of additional bugs in OpenSSl that can be used to allow malicious persons to spy on communication. Fortunately for the masses (about two thirds of internet sites use OpenSSL) these new bugs are not as easy to exploit as Heartbleed was.