Maximum PC: Imagine being told that you're in danger for the next couple of days and that there's nothing you can do about it but sit tight and wait it out. Talk about suckage. Well, that's essentially what the OpenSSL Project just did, though there's a reason behind it. The OpenSSL Project announced plans to plug up several security holes, including one that's classified as "high severity," in a series of updates scheduled for March 19.
DROWN, a new vulnerability in OpenSSL that affects servers using SSLv2, was revealed today as an attack that could decrypt your secure HTTPS communications, such as passwords or credit card numbers. More than 33 percent of servers are vulnerable — significantly less than Heartbleed, but still a surprisingly high number.
