How I tricked Symantec with a Fake Private Key https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html …
-
-
Replying to @hanno
Good luck convincing openssl anything in BUGS is a vuln. Some include really subtle warnings, but in reality entirely breaks all crypto.
2 replies 4 retweets 10 likes -
This is my fave, read this and tell me how scary reuse capability is? https://www.openssl.org/docs/man1.1.0/crypto/d2i_X509.html … It *silently* breaks x509 verification (!!)
1 reply 10 retweets 32 likes -
Pretty sure the reuse stuff is gone
1 reply 0 retweets 0 likes -
at the very least the docs here should be clarified. "In some versions of OpenSSL" is not a very good info.
2 replies 0 retweets 0 likes -
Nah, the reuse stuff is still in there. The new ASN.1 "embed" bits even rely on it.
1 reply 0 retweets 0 likes -
and the risk of it is what?
1 reply 0 retweets 0 likes
Here's me complaining about it and getting ignored.https://groups.google.com/forum/#!topic/mailing.openssl.users/5HlRdjjSAmM …
-
-
2013 was dark times. And email not even a ticket?
We'll look at it thanks!0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.