Small vulnerability found in OpenSSL
Subject: General Tech | September 26, 2006 - 08:58 AM | Jeremy Hellstrom
A very specific vulnerability in OpenSSL has been discovered, and patched recently. It is only one particular signature, so it is likely to have affected very little, but that's no excuse not to patch. Slashdot has links to the article.
"The flaw only affects a particular type of signature--PKCS #1 v1.5 signatures--but these are used by some certificate authorities. [...]
The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer
with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and
providing the fix."
Here is some more Tech News from around the web:
- World's Smallest Keychain Camera @
- "IE for Linux" hack offers one more reason not to boot
Windows @ The Inquirer
- Latest Vista RC1, build 5728, won't work @ The
- PC squeezed onto an Ipod @ The Inquirer
- Dragon NaturallySpeaking 9 @ Ars Technica
- AMD to counter Intel QX6700 with three new Athlon 64 FX
CPUs in mid-November @ DigiTimes
- Apple iPod Battery Secrets @ Futurelooks
- Anthro eNook Review @ Digital Trends
- Sony Ericsson Z610i @ Hardware Zone
- Datacolor SpyderTV Pro Review @ XYZ
- Fall IDF 2006: Intel Shows Quad-Core Kentsfield @ Legit
Developer Forum Fall 2006 - News Roundup @ Hardware.Info
Get notified when we go live!