[Dshield] Digital sigs cracked (was: Re: Self-signed certificates)

Chris Brenton cbrenton at chrisbrenton.org
Thu Jun 16 10:33:50 GMT 2005

Since we're on the subject of digital signing, thought folks might find
this interesting if they have not run across it yet. It's specific to
PostScript, but could easily be adapted to other file types:


Cryptographers have found a way to snip a digital signature from one
document and attach it to a fraudulent document without invalidating the
signature and giving the fraud away. 

The development means that attackers could potentially forge legal
documents, load certified software with bogus code, or turn a
digitally-signed letter of recommendation into one that authorizes
access to private information.

