Linked by Thom Holwerda on Thu 4th Mar 2010 21:53 UTC
Privacy, Security, Encryption

Computer scientists say they've discovered a "severe vulnerability" in the world's most widely used software encryption package that allows them to retrieve a machine's secret cryptographic key. The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.
Permalink for comment 412820
RE: Comment by f0dder
by mintar on Tue 9th Mar 2010 09:52 UTC in reply to "Comment by f0dder"
Member since: 2008-09-26

And not just quick little hacks, but actually being able to "legitimately" sign firmware or the likes.


Well, the way firmware signing usually works isn't compromised by this. Usually, the private key needed to sign the firmware is stored somewhere safe at the manufacturer of the device, so you would have to have physical access to the manufacturer's systems to retrieve the private key.

Score: 1