Oh great: Is this new OpenSSL flaw worse than Heartbleed?

rusty padlock security heartbleed
OpenSSL may be about as secure as a rust-eaten padlock

The Heartbleed flaw discovered in OpenSSL was one of the worst web vulnerabilities in history, but believe it or not it may have already been dethroned.

Even more incredible is the fact that once again, OpenSSL may be to blame.

The "CCS Injection Vulnerability" was discovered by Tatsuya Hayashi, who said it "may be more dangerous than Heartbleed," according to The Guardian.

Attackers can reportedly use this weakness to intercept and even alter data passing between computer and websites in a classic man-in-the-middle maneuver as long as they're on the same network, like a public Wi-Fi hub.

Hopelessly flawed

The flaw was reportedly introduced into the OpenSSL encryption standard 16 years ago, when OpenSSL was introduced in 1998, but it's only just been discovered.

It affects all past versions of OpenSSL and servers running OpenSSL 1.0.1 or the beta version for 1.0.2.

Meanwhile it's not even the only flaw to be uncovered this week; another allowed hackers to send malicious code to machines running OpenSSL. This flaw was reportedly added four years ago by Robin Seggelmann, the same dev who created Heartbleed.

The OpenSSL open source project has already issued a patch, but this newest discovery has nevertheless revived the question of whether it's time to kill OpenSSL once and for all.

Michael Rougeau

Michael Rougeau is a former freelance news writer for TechRadar. Studying at Goldsmiths, University of London, and Northeastern University, Michael has bylines at Kotaku, 1UP, G4, Complex Magazine, Digital Trends, GamesRadar, GameSpot, IFC, Animal New York, @Gamer, Inside the Magic, Comic Book Resources, Zap2It, TabTimes, GameZone, Cheat Code Central, Gameshark, Gameranx, The Industry, Debonair Mag, Kombo, and others.


Micheal also spent time as the Games Editor for Playboy.com, and was the managing editor at GameSpot before becoming an Animal Care Manager for Wags and Walks.