Security Flaw Discovered in GPG
WeLikeRoy writes "A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2."
Oh no! (Score:4, Funny)
what is GPG?
Yeah, I will go RTFA. However, summaries that assume you are familiar with an acronym are rude, IMHO
Whew! (Score:5, Funny)
Bug Intentionally Placed? (Score:2, Funny)
For all the tinfoil hat people out there, I propose that the bug may have been placed intentionally, since GnuPG is, in fact, an opensource community project. So instead of taking hours to obtain a GPG key, the NSA could spend seconds and impersonate an otherwise [strike]paranoid[/strike] privacy-oriented person in typically confidential memos. Maybe a full accounting as to when the bug got there, how it got there, who put it there and the chances of it being purely human error are to be demanded? After all, some people (including myself) have invested some very expensive stakes in the security of GnuPG over the years.
HopeSeekr of xMule
Re:Bug Intentionally Placed? (Score:5, Funny)
hang on, i'll tell him (Score:1, Funny)
that GPG user lives downstairs i'll just tell him there is a problem
Well, What is GPG? (Score:4, Funny)
Aha! (Score:5, Funny)
Re:Don't forget Win95! (Score:5, Funny)
Re:Aha! (Score:4, Funny)
Re:Don't forget Win95! (Score:4, Funny)
Someone should get fired (Score:3, Funny)
Oh, it isn't a corporate product, never mind.
check.. (Score:5, Funny)
Re:Double Bag That Burger (Score:5, Funny)
That's an awesome idea. I'm going to start doing that right now! :P
application/x-pkcs7-signature; name="smime.p7s"
Damn Microsoft!! (Score:4, Funny)
Re:Bug Intentionally Placed? (Score:5, Funny)
Quick! (Score:4, Funny)
Re:Whew! (Score:5, Funny)
Re:Oh no! (Score:3, Funny)
-Peter
Re:GPG is: (Score:2, Funny)
Re:Bug Intentionally Placed? (Score:5, Funny)
Re:Double Bag That Burger (Score:5, Funny)
How in the F*** did THAT make it through the lameness filters?!
Re:Oh no! (Score:3, Funny)
"If you do not know what GPG is, you're not a nerd - and you're on the wrong site."
I think about 98% of the science department at any college would tell you exactly what a fucking idiot you are for making such a broadly stupid statement. Are you seriously so deluded that you think the only type of nerd is a computer nerd? And that all computer nerds have heard of this one specific release of a technology rarely used even in business environments? The majority of nerds and geeks don't know what GPG is. People like you and me are the minority, fucking get over it, and get over yourself.
"Seriously: Go away."
Fuck you, you go away. I'd take a complete know-nothing over an arrogant asshole any day. People like you detract from the value of this site. No one gives a shit you've been here since the 90's. Why don't you go have a plaque made to hang up on your bedroom wall to show how cool you are? Do you put your slashdot UID on resumes as an achievement?
"Rude is to be at a site where you obviously do not belong - irritating the people who has frequented the site since the 90s."
Rude is to act like you are the sole arbitrator of who should and should not be allowed to voice their opinion on an open forum, like you're the fucking gestapo or something. Given the recent history of postings The GP [slashdot.org] has, in the eyes of the users of this site, a better quality of contribution than You [slashdot.org].
Based on your attitude I can only assume you are a sad, pathetic man, with delusions of some sort of elevated importance via seniority. I, as well as the majority of slashdotters, welcome ANYONE who is interested in science, technology, gaming, or any of the various subjects that slashdot covers, including politics, regardless of their ignorance of a certain subject or technology. You're nothing but an eSnob.
It could happen... (Score:1, Funny)
Have you heard? GPG has a bug in it that lets people append data to a signed email message! What are we going to do to stop Malory from attacking us?
Sincerely,
Bob
PS. Jus7 k!dd!ng! 1ts n0t 7ru3! I'm t@lk!ng thr0ugh my @$$!! LOLOLOLOLOL