Researchers go BERserk in Buenos Aires
By Darren Pauli, 28 Oct 2014 A pair of Intel security researchers will tomorrow delve into a class of dangerous vulnerabilities they found last month that allowed forged RSA certificates to be created by abusing the Mozilla Network Security Services (NSS) cryptographic library.Attendees at a Buenos Aires event will be walked through the fine points of how flaws affecting the implementation of the RSA crypto standard (PKCS#1 version 1.5) allowed signature forgery attacks due to the parsing of Abstract Syntax Notation One (ASN.1) encoded sequences during signature verification.
The flaw makes it possible to execute man-in-the-middle attacks against supposedly secure connections and forced Mozilla to issue a patch back in September.
Full Article
