New Apache Web Server bug can reveal server memory to attackers

Another day, another vulnerability in a widely-used software package.  Today’s bug (dubbed Optionsbleed by Hanno Böck, the journalist who documented the vulnerability) can reveal passwords and other pieces of vital information to attackers.  While not as big of a threat as Heartbleed, a similar bug which allowed attackers to snag private encryption keys for servers (which is a Bad Thing, since this is how servers verify they are who they say they are; for an explanation of how this works, see my Asymmetric Encryption explanation from last year), this should still be regarded as a significant threat.

Patches are being rolled out now; patch your systems if you haven’t already.

Ryan Brooks

Published byRyan Brooks

I’m a Process Engineer for Charter Communications’ IT Security Process Engineering team. I write about things that interest me– energy, history, technology, information security, and the future. Opinions are mine, not my employer's. You can contact me by emailing ryan@experimentalthoughts.com

No Comments

%d bloggers like this: