Tuesday, March 04, 2014

GnuTLS Broken Too

Ars Technica reports "Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping." Apparently GnuTLS has been broken since 2005 in a way similar to the recent Apple gotofail bug (which was introduced in late 2012). So much for the argument that open source security code is safer because of code reviews.
