Security Flaw Discovered in GPG

WeLikeRoy writes "A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2."

Don't forget Win95!

[Un-Thesis]

Don't forget the RSA key that had the words "NSA key" in the debug symbols that first made it into windows 98 and stayed there until WinXP SP2!! I feel these things are probably very prevalent; it's already common knowledge every U.S. ISP is pwned by their black boxes, usually also loaned to the FBI and then false-flagged as 'carnivore' (in reality it's an outcropping of ECHELON...err, now ADVISE (see my slashdotted story...)

Re:Wonder...

SiNceL YkE 19722222222222222222222222222222222222222222222222 222

Re:Not a fundamental flaw.

Ah, the famous "I want to be near the top, so I will reply to something that isn't related to what I am posting so I can get karma".

LOL GNU

LOL

FROST6 PIST...

It there. Bring do and doing WHat BSD machines,

Re:Oh no!

Just look at the hall of fame. Nine out of ten most active stories are drivel that most idiots discuss around the watercooler daily. News for nerds my foot. Also, all you fucking opinionated idiots with modpoints can suck my cock.

Re:Oh no!

[arcade]

If you do not know what GPG is, you're not a nerd - and you're on the wrong site.

Seriously: Go away.

Or at least: DO NOT comment articles. It's pretty damn obvious that you don't know enough to do so. And rude? Rude is to be at a site where you obviously do not belong - irritating the people who has frequented the site since the 90s.