Another bug has been determined with OpenSSL, which is the security that guards our private web communication. This bug targets the handshake between your computer and website.
Handshake actually keep your Web communication private which is the same as the one currently affected by the nasty Heartbleed bug.
Handshake is the one that secures conversations among its users, but a new flaw was discovered about this program. Security researchers found an existing flaw in its system, a bug that allows a hacker to operate between you and a website through public Wi-Fi network that will snoop in on your Internet session.
- In a ‘triple handshake’ attack, there is an entry point for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
However, there is nothing to worry about it because handshake bug isn’t as alarming as Heartbleed. Only the major browsers are get affected by this bug like Google’s Android mobile operating system.
The hackers can only use the bug if you and the website are both running vulnerable versions of the encrypting software known as OpenSSL. This is another sign that Internet security only depends on a few volunteers.
“The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient,” Kikuchi wrote in a blog post.
They had already fixed the bug and web browser makers and website servers should update their systems.There is only one way to avoid handshake bug? Keep yourself clean. Don’t use strangers’ Wi-Fi.