Critical Vulnerability in OpenSSL 3 - should I be concerned?
On October 25th, the OpenSSL Project Team announced that OpenSSL 3 had a CRITICAL security vulnerability. Details are due to follow on November 1st, but unsurprisingly the Internet is already awash with rumours and speculation. Here's the thing - although it's a CRITICAL vulnerability, chances are very high that it doesn't affect you.
So, should you panic? No. Should you pay special attention to the coming announcement and check that you aren't running OpenSSL 3 anywhere? Yes, that would be prudent, even though you're almost certainly running OpenSSL 1.1.1 or potentially even OpenSSL 1.0.2, which aren't vulnerable.
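One way to carry out the check suggested above, as an added example that is not part of the original post: the script classifies `openssl version` banners and libssl/libcrypto shared-object names as OpenSSL 3 or an earlier release line. The function names, the labels `openssl3` / `pre-3` / `unknown`, and the directories passed on the command line are this example's own assumptions.

```shell
#!/bin/sh
# Added example: inventory which OpenSSL release line is present on a host.

# classify_openssl STRING
# STRING is an `openssl version` banner or a shared-library path.
# Prints "openssl3", "pre-3" or "unknown".
classify_openssl() {
    case "$1" in
        "OpenSSL 3."*)               echo "openssl3"; return ;;
        "OpenSSL 1."*|"OpenSSL 0."*) echo "pre-3";    return ;;
    esac
    # Not an OpenSSL banner (e.g. "LibreSSL 3.3.6"): fall back to the file name.
    case "${1##*/}" in
        libssl.so.3|libssl.so.3.*|libcrypto.so.3|libcrypto.so.3.*)
            echo "openssl3" ;;
        libssl.so.1.*|libcrypto.so.1.*|libssl.so.0.9.*|libcrypto.so.0.9.*)
            echo "pre-3" ;;
        *)
            # Other sonames (for example LibreSSL's libssl.so.NN) are not OpenSSL 3.
            echo "unknown" ;;
    esac
}

# scan_openssl_libs DIR...
# Prints one "<class> <path>" line per libssl/libcrypto shared object found.
scan_openssl_libs() {
    find "$@" \( -name 'libssl.so.*' -o -name 'libcrypto.so.*' \) 2>/dev/null |
    while IFS= read -r lib; do
        printf '%s %s\n' "$(classify_openssl "$lib")" "$lib"
    done
}

# Usage: sh check-openssl.sh /usr/lib /lib /opt   (directories are the caller's choice)
if [ "$#" -gt 0 ]; then
    if command -v openssl >/dev/null 2>&1; then
        banner=$(openssl version 2>/dev/null || true)
        printf '%s CLI: %s\n' "$(classify_openssl "$banner")" "$banner"
    fi
    scan_openssl_libs "$@"
fi
```

Applications that link OpenSSL statically or ship it under another file name will not appear in this scan, so vendor software and container images still need their own check.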
Here's a link to the full guest post on ITP's Tech Blog that has a lot more detail:
Peter Membrey is a Chartered Fellow of the British Computer Society, a Chartered IT Professional and a Chartered Engineer. He has a doctorate in engineering and a master's degree in IT specialising in Information Security. He's co-authored over a dozen books and a number of research papers on a variety of topics. These days he is focusing his efforts on creating a more private Internet, raising awareness of STEM and helping people to reach their potential in the field.