Open-Source Security Flaw Exposes Millions

Encryption error went undetected for nearly 2 years
By Laila Weir,  Newser Staff
Posted May 22, 2008 6:16 PM CDT
Open-Source Security Flaw Exposes Millions
Hewlett Packard laptop on display at Best Buy in Mountain View, Calif., Monday, May 13, 2008.    (AP Photo/Paul Sakuma)

A programming error discovered last week makes at least four open-source operating systems and 25 applications vulnerable to hacking, and a patch distributed to fix it doesn’t solve the problem. Worse, the vulnerability can extend to computers not even running the deficient code, reports Technology Review. The mistake went unnoticed for almost 2 years.

Programmers accidentally restricted the number of encryption keys the affected computers could use to protect information sent over networks to just 32,767, making it possible for hackers to crack the encryption by trying all possible keys. Furthermore, the keys are portable, meaning they could be installed on computers that weren’t running the vulnerable code in the first place. (More computer security stories.)

Get the news faster.
Tap to install our app.
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.