A 19-year-old vulnerability in the TLS network security protocol has been found in the software of at least eight IT vendors and open-source projects – and the bug could allow an attacker to decrypt encrypted communications. Identified by security researchers Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit, and Craig Young of Tripwire VERT, the flaw – specifically in RSA PKCS #1 v1.5 encryption – affects the servers of 27 of the top 100 web domains, including Facebook and PayPal.
Read more