I think it's the code for generating alternative keys that's cross-platform, not the bug?
The original tweet appears to be talking about the code in pic.twitter.com/5idiMy5p3L which is just a bunch of OpenSSL code that modifies the provided certificate.
-
-
ie, it's using OpenSSL to modify a certificate, it's not taking advantage of any kind of bug in OpenSSL
-
I get that his original post was regarding his code to forge a certificate that very closely matches the original CA cert. My point was that his post demonstrated him forging a signature in linux. Now someone needs to research the second half to confirm/deny vulnerability.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.