OpenSSL Hit by Forgery Bug 69
Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."
Re:All your base belong to me! (Score:4, Funny)
all your certs are belong to me
who knew (Score:4, Funny)
Who knew that OpenSSL would have ever had anything in common with a Wal-Mart cashier?
1.0 (Score:4, Funny)
Re:All your base belong to me! (Score:4, Funny)
I use Tic-Tacs you insensitive clod!