OpenSSL Hit by Forgery Bug

Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."

Re:All your base belong to me!

[Feyr]

more like,

all your certs are belong to me

who knew

[User 956]

ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique.

Who knew that OpenSSL would have ever had anything in common with a Wal-Mart cashier?

1.0

[Richard W.M. Jones]

If only they'd released a 1.0 version that would never have happened...

Re:All your base belong to me!

[SeaFox]

all your certs are belong to me

I use Tic-Tacs you insensitive clod!