Slashdot Mirror


Security Flaw Discovered in GPG

WeLikeRoy writes "A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2."

2 of 151 comments (clear)

  1. Wonder... by Saeed+al-Sahaf · · Score: -1, Redundant

    ...how long the NSA has known about this?

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  2. Re:Double Bag That Burger by Doc+Ruby · · Score: -1, Redundant

    Go stick _Applied Cryptography_ up your 482d2721589499e5ad0c2e24bc6e7534 , Anonymous a0a0d7540b7cf3e9e78adfe611d816b9 Coward.

    --

    --
    make install -not war