#priv: OpenSSL vuln

Monday, September 14, 2009

OpenSSL vuln

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation.

bugtraq link

#priv

search PRIV & ALL sites linked here

Monday, September 14, 2009

OpenSSL vuln

No comments:

Post a Comment

Videoz

Newz

Cheat Sheetz

Twitter InfoSec Listz

Zines

Archivez

SecurityNewsPortal.com latest breaking computer security, virus and hacking news

Daily Dave (dailydave) Mailing List

SecDocs Feed

SANS Information Security Reading Room

Packet Storm ≈ Full Disclosure Information Security

Coresec.org - Information Security Blog

Cyber Risk Reports

Full Disclosure (fulldisclosure) Mailing List

Dissecting The Hack

Hack a Day

Bugtraq

LinKz++

Blog Archive