“The flaw only affects a particular type of signature–PKCS #1 v1.5 signatures–but these are used by some certificate authorities. […] The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix.”Here is some more Tech News from around the web:
- World’s Smallest Keychain Camera @ DailyCE
- “IE for Linux” hack offers one more reason not to boot Windows @ The Inquirer
- Latest Vista RC1, build 5728, won’t work @ The Inquirer
- PC squeezed onto an Ipod @ The Inquirer
- Dragon NaturallySpeaking 9 @ Ars Technica
- AMD to counter Intel QX6700 with three new Athlon 64 FX CPUs in mid-November @ DigiTimes
- Apple iPod Battery Secrets @ Futurelooks
- Anthro eNook Review @ Digital Trends
- Sony Ericsson Z610i @ Hardware Zone
- Datacolor SpyderTV Pro Review @ XYZ Computing
- Fall IDF 2006: Intel Shows Quad-Core Kentsfield @ Legit Reviews
- Intel Developer Forum Fall 2006 – News Roundup @ Hardware.Info
Small vulnerability found in OpenSSL
A very specific vulnerability in OpenSSL has been discovered, and patched recently. It is only one particular signature, so it is likely to have affected very little, but that’s no excuse not to patch. Slashdot has links to the article.