New Bug Found in Widely Used OpenSSL Encryption - NYTimes.com

Sigh -- the article also notes "Security experts are still trying to plug the hole left by Heartbleed, the bug found in the widely used OpenSSL encryption protocol, with some 12,000 popular domains still vulnerable"

"Unlike Heartbleed, which could be used to directly exploit any server using OpenSSL, this new bug requires that the attacker be located between two computers communicating. A likely target, for example, would be someone using an airport’s public Wi-Fi.

The new bug was introduced into OpenSSL when it was first released in 1998, more than 10 years before Heartbleed, which was first introduced in a code update on New Year’s Eve in 2011."

New Bug Found in Widely Used OpenSSL Encryption - NYTimes.com