Open-Source Security Flaw Exposes Millions

Encryption error went undetected for nearly 2 years
By Laila Weir,  Newser User
Posted May 22, 2008 6:16 PM CDT
Hewlett Packard laptop on display at Best Buy in Mountain View, Calif., Monday, May 13, 2008.    (AP Photo/Paul Sakuma)
camera-icon View 2 more images

(Newser) – A programming error discovered last week makes at least four open-source operating systems and 25 applications vulnerable to hacking, and a patch distributed to fix it doesn’t solve the problem. Worse, the vulnerability can extend to computers not even running the deficient code, reports Technology Review. The mistake went unnoticed for almost 2 years.

Programmers accidentally restricted the number of encryption keys the affected computers could use to protect information sent over networks to just 32,767, making it possible for hackers to crack the encryption by trying all possible keys. Furthermore, the keys are portable, meaning they could be installed on computers that weren’t running the vulnerable code in the first place.