Researchers have found a way to hack the OpenSSL verification software used in many VPNs and web servers with forged certificates.

The vulnerability affects a specific set of cryptographic X.509 keys known as PKCS #1 v1, and could allow an attacker to have a non-legitimate and forged certificate accepted as real, compromising an unpatched system.

Versions of the software from 0.9.7j to 0.9.8b are said to be at risk, and the open source project has recommended that anyone using the software should update it immediately.

“Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature,” the advisory warns.

Uncovered by Bell Labs’ cryptographer Daniel Bleichenbacher, the complex exploit was first shown to fellow professionals at Crypto 2006 last month, but has only recently come to light now that a fix has been made available.

The number of vendors affected by the issue is unknown but believed to be extensive given the popularity of the open source OpenSSL toolkit, which is frequently used to implement SSL (secure sockets layer) and TLS (transport layer security).

-John E. Dunn, Techworld.com (London)