Open SSL Holes Plugged

Microsoft isnit the only group worried about holes in its software; new patches have just been released by the group that maintains OpenSSL (Secure Socket Layer) that fixes holes in that software that could allow attacks or access to servers running the software. From the C|Net article, Open-source group plugs three holes:

The security flaws exist in the OpenSSL Project is version of the secure sockets layer (SSL) software used by Web sites and browsers to cryptographically secure data. Two of the flaws could lead to a denial-of-service attack, and a third may allow an attacker to break into a system from the Internet.

The flaws were found when the U.K. government put the software through rigorous testing, said Mark Cox, a developer on the OpenSSL security team.

"We certainly know of no exploits yet," he said. "These were found by the good guys."

Not to be confused with the OpenSSH project--SSH stands for secure shell--which has patched its software twice in the last month , the OpenSSL Project develops and maintains an open-source version of SSL software. A year ago, the Slapper worm infected Linux computers that hadnit been patched to fix a different hole in the same software.

Read the full article at C|Net.

This technology is used in Mac OS X, but it should be noted that this is not a Mac OS X patch that is being released. Apple will need to incorporate the groupis patch so that it can then release a Mac OS X-specific patch. Historically, Appleis patch follows the release of software-specific patches by a day or two.