Monday, September 25, 2006 
Researchers have found <A HREF="http://www.cio.com/blog_view.html?CID=25093">a way to hack the OpenSSL verification software</A> used in many VPNs and Web servers with forged certificates. The vulnerability affects a specific set of cryptographic X.509 keys known as PKCS #1 v1, and could allow an attacker to have a non-legitimate and forged certificate accepted as real, compromising and unpatched system. Versions of the software from 0.9.7j to 0.9.8b are said to be at risk, and the open source project has recommended that anyone using the software should update it immediately.
