Slashdot Mirror


OpenSSL Hit by Forgery Bug

Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."

1 of 69 comments

  1. Re:Google saves the day... by tedgyz · Score: 4, Informative
    Wonder if Google Desktop search can help me find all the bugs in Windows...
    While I'm as quick to fawn over Google, let's give credit to "Daniel Bleichenbacher, a cryptographer with Bell Labs" for finding it.
    --
    "No matter where you go, there you are." -- Buckaroo Banzai