Be Still My Bleeding Heart: The Latest OpenSSL Vulnerability Is Nothing To Worry About


On March 19th, 2015, website developers who use OpenSSL learned of several bugs, including a severe bug that could allow hackers to render a webserver or website unavailable to users.

 

What is OpenSSL?

The “Open” in OpenSSL means that any developer can work on the code in the project. The “SSL” refers to Secure Sockets Layer, a form of security built into web browsers that is used to encrypt and decrypt data sent across the web.

 

How does this affect me?

Luckily, this exploit has not been seen in the wild. However, if the vulnerability is exploited, it can take down both the client and the server via a Denial of Service (DoS) attack, which is a malicious attempt to make a service unavailable to users.

At this point, it is a race between web developers patching their systems and cybercriminals trying to exploit the vulnerability. Fortunately, the window of opportunity is very small, as OpenSSL has released the patches for developers today. It's not likely hackers will target consumers, but it is possible.

 

This vulnerability is not the first of its type we have seen with OpenSSL and will probably not be the last. Heartbleed hit hard in April of last year; it could allow attackers to intercept secure communications and steal sensitive information. Four months later, a vulnerability known as POODLE was found in an older version of SSL, SSL 3.0. Earlier this month, the vulnerability dubbed FREAK was discovered, which could enable attackers to use man-in-the-middle (MITM) attacks to capture and decrypt communications between affected clients and servers.

So what does a Mac El Capitan do for protection meanwhile?