“SigSpoof”的意思、由来-开放百科全书

In un-patched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed, under certain circumstances.^[5]^[6]^[2]^[8] This potentially enables a wide range of subsidiary attacks to succeed.^[5]^[6]^[2]^[8]

According to Marcus Brinkmann, who discovered the SigSpoof vulnerabilities in June 2018, their existence, and the fact that they were present "in the wild" for so long, throws into question the integrity of past emails, "backups, software updates, ... and source code in version control systems like Git."

References

1. ^¹²{{cite web|url=https://www.golem.de/news/sigspoof-signaturen-faelschen-mit-gnupg-1806-134940.html|title=SigSpoof: Signaturen fälschen mit GnuPG|website=Golem.de|last=Böck|first=Hanno|date=2018-06-13|accessdate=2018-10-08}}
2. ^¹²{{cite web|url=https://www.heise.de/security/meldung/Enigmail-und-GPG-Suite-Neue-Mail-Plugin-Versionen-schliessen-GnuPG-Luecke-4078685.html|title=Enigmail und GPG Suite: Neue Mail-Plugin-Versionen schließen GnuPG-Lücke|last=von Westernhagen|first=Olivia|website=Heise Security|accessdate=2018-10-08}}
3. ^¹²³{{cite web|url=https://www.theregister.co.uk/2018/06/19/gnupg_popped_again_in_pass/|title=Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug|website=The Register|last=Chirgwin|first=Richard|date=2018-06-19|accessdate=2018-10-08}}
4. ^¹²{{cite web|url=https://derstandard.at/2000081781101/20-Jahre-alter-Fehler-entdeckt-PGP-Signaturen-liessen-sich-einfach|title=20 Jahre alter Fehler entdeckt: PGP-Signaturen ließen sich einfach fälschen - derStandard.at|website=Der Standard|date=2018-06-18|accessdate=2018-10-08}}

词条	SigSpoof
释义	References {{short description\|Security vulnerabilities that affected GNU Privacy Guard}}{{Technical\|date=September 2018}}SigSpoof is a family of security vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG") since version 0.2.2, that was released in 1998. Several other software packages that make use of GnuPG were also affected, such as Pass and Enigmail.^[2] In un-patched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed, under certain circumstances.^[5]^[6]^[2]^[8] This potentially enables a wide range of subsidiary attacks to succeed.^[5]^[6]^[2]^[8] According to Marcus Brinkmann, who discovered the SigSpoof vulnerabilities in June 2018, their existence, and the fact that they were present "in the wild" for so long, throws into question the integrity of past emails, "backups, software updates, ... and source code in version control systems like Git." References 1. ^¹²{{cite web\|url=https://www.golem.de/news/sigspoof-signaturen-faelschen-mit-gnupg-1806-134940.html\|title=SigSpoof: Signaturen fälschen mit GnuPG\|website=Golem.de\|last=Böck\|first=Hanno\|date=2018-06-13\|accessdate=2018-10-08}} 2. ^¹²{{cite web\|url=https://www.heise.de/security/meldung/Enigmail-und-GPG-Suite-Neue-Mail-Plugin-Versionen-schliessen-GnuPG-Luecke-4078685.html\|title=Enigmail und GPG Suite: Neue Mail-Plugin-Versionen schließen GnuPG-Lücke\|last=von Westernhagen\|first=Olivia\|website=Heise Security\|accessdate=2018-10-08}} 3. ^¹²³{{cite web\|url=https://www.theregister.co.uk/2018/06/19/gnupg_popped_again_in_pass/\|title=Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug\|website=The Register\|last=Chirgwin\|first=Richard\|date=2018-06-19\|accessdate=2018-10-08}} 4. ^¹²{{cite web\|url=https://derstandard.at/2000081781101/20-Jahre-alter-Fehler-entdeckt-PGP-Signaturen-liessen-sich-einfach\|title=20 Jahre alter Fehler entdeckt: PGP-Signaturen ließen sich einfach fälschen - derStandard.at\|website=Der Standard\|date=2018-06-18\|accessdate=2018-10-08}} ^[1]^[2]^[3]^[4] }}{{Hacking in the 2010s}}{{computer-security-stub}} 2 : Vulnerability\|Computer security exploits
随便看	Richard Salter (disambiguation) Richard Salter (inventor) Richard Saltonstall (sheriff) Richard Sam Bera Richard Sammel Richard Sampson (author) Richard Sampson (cricketer) Richard Sampson (disambiguation) Richard Samuel Chattock Richard Samuel Elman Richard Samuel Guinness Richard Samuel (prefect) Richard Samuel Wimmer Richard Sanchez Richard Sandbrook Richard Sanderson (cricketer) Richard Sanderson Keen Richard Sanders Rogers Richard Sanders (wrestler) Richard Sandford (disambiguation) Richard Sandor Richard Santagati Richard Sarafian Richard Saran Richards, Arthur