http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/

By Dan Goodin in San Francisco
The Register
4th March 2010

Computer scientists say they've discovered a "severe vulnerability" in the world's most widely used software encryption package that allows them to retrieve a machine's secret cryptographic key.

The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.

"Wherever you need to verify the origin of a piece of software or a piece of information, those building blocks come in handy," said Karsten Nohl, an independent security researcher who in unrelated attacks has broken encryption in widely used smartcards and cordless phones. "The OpenSSL library provides much more than just SSL."

The scientists, from the University of Michigan's electrical engineering and computer science departments, said the bug is easily fixed by applying cryptographic "salt" to an underlying error-checking algorithm. The additional randomization would make the attack unfeasible.

[...]

Received on Fri Mar 05 2010 - 00:43:52 PST