Sign in / up

back to article Intel bods to detail RSA birko crypto man-in-the-middle diddle

A pair of Intel security researchers will tomorrow delve into a class of dangerous vulnerabilities they found last month that allowed forged RSA certificates to be created by abusing the Mozilla Network Security Services (NSS) cryptographic library. Attendees at a Buenos Aires event will be walked through the fine points of …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. tony2heads
    WTF?

    version 1.5

    Doesn't that date from the 90's ??

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: version 1.5

      Does that make it bad? This is an exploit of the Mozilla implementation not a design weakness.

      0 0 Reply
  2. dajames
    WTF?

    So?

    So ... there's a bug in NSS ... and it's already been patched. There's no need to make it sound as though there's anything wrong with the standard that that part of NSS implements (which there isn't).

    It's good to have a heads-up about this, but it would be much more interesting to know HOW the explot works, and why NSS's less-than-rigorous parsing of ASN.1 leads to a vulnerability in the first place.

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like