Web server administrators should take notice of a “severe” vulnerability that computer scientists have discovered in OpenSSL, the free and open source encryption software package for Linux and Unix-like systems.
The bug is in OpenSSL’s cryptographic library and vulnerability allows attackers to retrieve a server’s cryptographic key, leaving any secure transactions, such as banking and sales, exposed to the attacker. Hundreds of thousands (perhaps even millions) of businesses, banks, and other enterprise-level institutions depend on SSL encryption security, particularly that of OpenSSL.
Those who discovered it said that the attack is difficult to execute, but administrators should still be cautious. An OpenSSL spokesperson said that they are already working on a solution and will release a patch for the software. Furthermore, an attack requires access to the power source of the device, making it unlikely that an attacker could exploit a server, since most attack remotely.