Dan Goodin, writing at ArsTechnica, regales us with this sorry tale of another deep and aged flaw (in existence for nearly 16 years) in OpenSSL's cryptolib. This time, the flaw exists in the ChangeCipherSpec component of the crypto-library. Outstanding research, crafted by Lepidum tells it all.