OpenSSL Hit by Forgery Bug
Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."
ha
Bart: Homer, how can this be possible? Homer: Fire up the klystron, Bart, there's only two days left Bart: Lisa, is this true? Lisa: I've run out of garlic, someone go and get some more Maggie: It's in the greenhouse, but I can't go in, I'm allergic to trowels Homer: D'oh!
You mean some sleazeball lawyer will sue a sleazeball company and try to monetize this "leak" for his own gain. Then every user of AOL will get about .02 cents.... but STILL they can't uninstall AOL... wow, where did I put that AOL coffee coaster. Who cares.