Small vulnerability found in OpenSSL

Subject: General Tech | September 26, 2006 - 11:58 AM |
Tagged:

A very specific vulnerability in OpenSSL has been discovered, and patched recently.  It is only one particular signature, so it is likely to have affected very little, but that's no excuse not to patch.  Slashdot has links to the article.

"The flaw only affects a particular type of signature--PKCS #1 v1.5 signatures--but these are used by some certificate authorities. [...]

The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer

with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and

providing the fix."

Here is some more Tech News from around the web:

Tech Talk


Source: Slashdot