A programming error discovered last week makes at least four open-source operating systems and 25 applications vulnerable to hacking, and a patch distributed to fix it doesn’t solve the problem. Worse, the vulnerability can extend to computers not even running the deficient code, reports Technology Review. The mistake went unnoticed for almost 2 years.
Programmers accidentally restricted the number of encryption keys the affected computers could use to protect information sent over networks to just 32,767, making it possible for hackers to crack the encryption by trying all possible keys. Furthermore, the keys are portable, meaning they could be installed on computers that weren’t running the vulnerable code in the first place. (More computer security stories.)