Ask HN: Is your organisation patching the critical OpenSSL vulnerability?
I'm wondering how many organisations aren't really aware yet of how serious this is.
"OpenSSL warns of critical security vulnerability with upcoming patch
We don't have the details yet, but we can safely say that come Nov. 1, everyone -- and I mean everyone -- will need to patch OpenSSL 3.x. "
https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/
14 comments
[ 3.3 ms ] story [ 41.2 ms ] threadEdit: I don't have an organization.
It may even extend to boring ssl.
Older deployments would be on 1.1.1, which this does not affect.
Last time it took Fortinet over 6 years to fix the publicly known backdoor/bypass, and they were the reason for the majority of hacks in 2021 because of that.
I fear the next couple years the monoculture in Enterprise IT will experience the same thing all over again, because their bought supply chain doesn't care much about RCEs like this.