Slashdot Mirror


OpenSSL Hit by Forgery Bug

Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."

4 of 69 comments

  1. Re:All your base belong to me! by Feyr · Score: 3, Funny

    more like,

    all your certs are belong to me

  2. who knew by User+956 · Score: 3, Funny

    ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique.

    Who knew that OpenSSL would have ever had anything in common with a Wal-Mart cashier?

    --
    The theory of relativity doesn't work right in Arkansas.

  3. 1.0 by Richard+W.M.+Jones · Score: 3, Funny

    If only they'd released a 1.0 version that would never have happened...

  4. Re:All your base belong to me! by SeaFox · Score: 3, Funny

    all your certs are belong to me

    I use Tic-Tacs you insensitive clod!