“The NSA discovered an error in the Microsoft code that verifies those signatures, potentially enabling a hacker to forge the signature”https://www.washingtonpost.com/national-security/nsa-found-a-dangerous-microsoft-software-flaw-and-alerted-the-firm--rather-than-weaponize-it/2020/01/14/f024c926-3679-11ea-bb7b-265f4554af6d_story.html …
-
-
Are you saying this affects X.509 validation?
-
Indeed I am.
- 5 more replies
New conversation -
-
-
I don't believe the headline. How do we know this was recently discovered and has not already been weaponized. A strategy they could be using is: 0. Discover vuln. 1. Weaponize it. 2. Deploy weapon. 3. Decommission weapon. 4. Notify vendor.
-
One possibility is that they “discovered” it while reverse-engineering another state actors’ exploit.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.