Security Alerts & News
by Tymoteusz A. Góral

#1323 PGP security weakness exposed
If someone signs and encrypts their code or email with their PGP digital signature, you could, in theory, be sure they are who they say they are and their words or code are indeed their words or code. If they use a short (32-bit or smaller) key, they have no real security. In that case, a hacker can now easily forge a fake PGP signature. And that's exactly what happened to Linus Torvalds, Greg Kroah-Hartman, and other leading Linux kernel developers.

On the Linux Kernel Mailing List (LKML), it was revealed that for the last two months, since about mid-June, "some developers found their fake keys with same name, email, and even 'same' fake signatures by more fake keys in the wild, on the keyservers".

This isn't a new attack. Linux programmers have known since December 2011 that short PGP keys were inherently insecure. It's just that no one bothered to break the PGP keys... until now.