Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL Hit by Forgery Bug

Posted by ryuzaki0 on from the fast-fixes dept.

Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."

2 of 69 comments (clear)

  1. Re:Google saves the day... by AmberBlackCat · · Score: 0, Troll

    Mindlessly attacking Windows doesn't make this flaw go away in the open source software, just as saying something bad about China doesn't make the United States the land of the free or the home of the brave. Replying to this message with some inaccurate claim about Windows having a thousand new bugs every day won't make it go away either.

  2. Netcraft confirms it... by Brando_Calrisean · · Score: 0, Troll

    ... OpenSSH is dead

    --
    Don't call me a cowboy, and don't tell me to slow down!