back to article Intel bods to detail RSA birko crypto man-in-the-middle diddle

A pair of Intel security researchers will tomorrow delve into a class of dangerous vulnerabilities they found last month that allowed forged RSA certificates to be created by abusing the Mozilla Network Security Services (NSS) cryptographic library. Attendees at a Buenos Aires event will be walked through the fine points of …

  1. tony2heads

    version 1.5

    Doesn't that date from the 90's ??

    1. Anonymous Coward
      Anonymous Coward

      Re: version 1.5

      Does that make it bad? This is an exploit of the Mozilla implementation not a design weakness.

  2. dajames


    So ... there's a bug in NSS ... and it's already been patched. There's no need to make it sound as though there's anything wrong with the standard that that part of NSS implements (which there isn't).

    It's good to have a heads-up about this, but it would be much more interesting to know HOW the explot works, and why NSS's less-than-rigorous parsing of ASN.1 leads to a vulnerability in the first place.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like