Chrome and Firefox accept possible counterfeit certificates




A bug in a library that is used for secure connections include Chrome and Firefox made possible counterfeit certificates were accepted. Both browsers has now released an update.

Lack ssl Certain values ​​in an ssl certificate were not strict enough parsed, so the Network Security Services library to the garden could be headed with false RSA certificates. Discovered several researchers; a French researcher the problem occurred simultaneously with the security team at Intel on the track. RSA is one of the most widely used encryption algorithms for certificates.

Network Security Services is an open source library for ssl connections used in Firefox, Chrome and Chrome OS. Include For both browsers is tonight an update released . Also include Thunderbird, the mod_ssl module for Apache, Pidgin, and Java lean on Network Security Services. Chrome on Android uses a different SSL library.

The problem can only be exploited if an attacker connecting the visitor is able to intercept, for example to set up a fake Wi-Fi access point or lead. By a user to a spoofed web page It is not yet clear whether abuse was also in practice vulnerability. The Intel security team promises to release all the technical details of the problem, a paper.


In: Technology & Gadgets Asked By: [15469 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »