SoylentNews

Leebert [soylentnews.org] writes:

The Register has an article [theregister.co.uk] about an SSL 3.0 vulnerability which is set to be released shortly. It appears that the vulnerability is currently embargoed to allow vendors to coordinate patches. El Reg is inferring from this embargo that the vulnerability will be one of some significance, à la Heartbleed.

The article is exceptionally light on details or substance, and it's not even entirely clear as to when this vulnerability will be announced: The URL says "nasty_ssl_30_vulnerability_to_drop_tomorrow", but the article is dated today (October 14) and the wording seems to imply the details will be released at around noon PDT (19:00 UTC) today.

Perhaps if and when this submission finds its way to the front page, there will be more details available and an update will be warranted.

---

Original Submission