yeah thanks to zert for stepping in with the fix. microsoft did not have "time" to release a patch. for what i understand microsoft only released the patch a few days after the third party patch appeared online. coincidence or what? with microsoft being reluctant to change their monthly update cycle. attackers have taken advantage of this. i cant understand why they are reluctant to do this. microsoft just let their users systems be vulnerable and unprotected for several weeks until the new patch is updated. to me this is a concern especially now when zero-day vulnerabilities wont be left alone by the attackers. microsoft should do better to protect their users.
although this bug has been fixed in ssl. browsers are also affected by it. the attack requires that one of the accepted certificate authorities uses an RSA key with the exponent 3. all of the major browsers have such a CA. browsers like IE and safari are not affected by this. In firefox however it is affected but there already exists a fix from version 1.5.0.7 so no need to worry if youre using firefox and youre up to date. konqueror meanwhile uses opsnssl libraries and is not affected is it is up to date.
the only browser that is still affected is opera. the update is not yet available and will only be available "soon". It is recommended that you remove opera until an update is made available.
this problem also does not affect only browsers. it effects programs that use X.509 certificates.
cheers.
Slashdot Mirror
yeah thanks to zert for stepping in with the fix. microsoft did not have "time" to release a patch. for what i understand microsoft only released the patch a few days after the third party patch appeared online. coincidence or what? with microsoft being reluctant to change their monthly update cycle. attackers have taken advantage of this. i cant understand why they are reluctant to do this. microsoft just let their users systems be vulnerable and unprotected for several weeks until the new patch is updated. to me this is a concern especially now when zero-day vulnerabilities wont be left alone by the attackers. microsoft should do better to protect their users.
although this bug has been fixed in ssl. browsers are also affected by it. the attack requires that one of the accepted certificate authorities uses an RSA key with the exponent 3. all of the major browsers have such a CA. browsers like IE and safari are not affected by this. In firefox however it is affected but there already exists a fix from version 1.5.0.7 so no need to worry if youre using firefox and youre up to date. konqueror meanwhile uses opsnssl libraries and is not affected is it is up to date. the only browser that is still affected is opera. the update is not yet available and will only be available "soon". It is recommended that you remove opera until an update is made available. this problem also does not affect only browsers. it effects programs that use X.509 certificates. cheers.