Crypto Flaw Prone to Spoofing

    Date: 12 Sep 2006
    Posted By: Brittany Day
    A new flaw in how some developers implement RSA cryptography has left OpenSSL and other applications vulnerable to attackers forging digital signatures and spoofing Websites as well as SSL clients.

    OpenSSL, one of the most popular open cryptography toolkits, was the first to report the flaw in its RSA cryptography implementation, along with Fedora, which uses OpenSSL in Fedora Core 5 Linux. Security researchers say more disclosures are likely to follow soon from other open source and commercial software vendors. The flaw was originally discovered by Bell Labs researcher Daniel Bleichenbacher. "It's particularly worrisome to think that some hardware-accelerated appliances may be hardwired into being vulnerable to the attack" as well, says Thomas Ptacek, a researcher with Matasano Security.
