Monday 25 April 2022

‘Crypto Bug of the Year’ Fixed — Update Java NOW - Security Boulevard

Thumbs Down for Oracle: A ridiculously dumb flaw in Java’s signature checking code is now patched. The Elliptic Curve Digital Signature Algorithm (ECDSA) allowed a “blank” signature to be waved through. Doctor Who fans will recognise the reference in the “Psychic Signatures” moniker.

No comments:

Post a Comment