Small vulnerability found in OpenSSL

Subject: General Tech | September 26, 2006 - 11:58 AM |
Tagged:

A very specific vulnerability in OpenSSL has been discovered, and patched recently.  It is only one particular signature, so it is likely to have affected very little, but that's no excuse not to patch.  Slashdot has links to the article.

"The flaw only affects a particular type of signature--PKCS #1 v1.5 signatures--but these are used by some certificate authorities. [...]

The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer

with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and

providing the fix."

Here is some more Tech News from around the web:

Tech Talk


Source: Slashdot
No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.