top of page
  • Safi Bello

1998 attack that messes with sites’ secret crypto keys is back in a big way

Ars Technica --------- A surprisingly big number of top-name websites—Facebook and PayPal among them—recently tested positive for a critical, 19-year-old vulnerability that allowed attackers to decrypt encrypted data and sign communications using the sites' secret encryption key. The vulnerability in the transport layer security protocol for Web encryption was disclosed in 1998 when researcher Daniel Bleichenbacher found it in the TLS predecessor known as secure sockets layer. A flaw in the algorithm that handles RSA encryption keys responded to certain types of errors in a way that divulged potentially sensitive information. With enough specially formed queries, attackers could exploit the weakness in a way that allowed them to decrypt ciphertext even when they didn't have the secret decryption key. SSL architects responded by designing workarounds that suppressed the error messages rather than removing or rewriting the faulty RSA algorithm. To learn more click on the picture below to read the article.

1998 attack that messes with sites’ secret crypto keys is back in a big way - Read More from Ars Technica

1 view
Featured Posts
Recent Posts
Follow Us
  • Instagram
  • Pinterest
  • Tumblr Social Icon
bottom of page