Yet another code error puts users at risk

Apple’s recent SSL code bug was bad. There’s no denying that. But another recently discovered coding error could be even worse.

The “goto fail” bug affected a wide variety of Apple services and products. What appears to have been a simple typo or mistake put millions of users at risk of man-in-the-middle attacks and snooping.

Now comes word of a GnuTLS bug. This bug makes it possible for attackers to easily bypass critical authentication checks on possibly hundreds of websites, OSs and services such as email apps.

Two things that make this advisory even worse:

  • it’s rated “extremely critical,” just as the Apple flaw was, and
  • it’s apparently been around since 2005.

Get ready for patches

Since this flaw’s been around for so long and GnuTLS is used in so many other products, get ready for a deluge of patches to vulnerable programs in the coming days and weeks.

Staying on top of these patches will be crucial. Here are some tips to help manage it better:

  • Assign apps to techs. Giving techs ownership over keeping individual or groups of apps up-to-date can help clear up confusion over whose responsibility it is.
  • Seek patches out. Rather than waiting for notification of an update, read up on products you use to see if there’s anything concerning announced or rumored.
  • Make it regular. Vulnerabilities pop up all the time, so don’t assume that the old “Patch Tuesday” is still the rule. If a fix is put out on a Wednesday, you don’t want to wait a full week before applying it to your systems.
  • Test, test, test. Updates can mess with your stuff. It’s annoying, but a fact of life. Make sure to test your patches in a safe environment until you’re sure they’re ready for release system-wide.
