heart-bleed-bug-650x0

Another serious vulnerability has been found in OpenSSL’s crypto library. This coming just on the heels of the Heartbleed nightmare.

If you are running as a client you are vulnerable no matter the older version of OpenSSL, but servers are only vulnerable when running 1.0.1 and 1.0.2-beta1 – and in order for an attack to occur both ends of the equation must be using a vulnerable version of OpenSSL

Read Ars Technica’s reporting on this here.