Jan 21st 2020
Tech Break 6065
Microsoft Issues Security Update to Fix "Curveball" Vulnerability
Hosted by
Leo Laporte,
Steve Gibson
CurveBall Vulnerability
This feed has been discontinued, but you can find the clips in our archives.
"CurveBall" is a spoofing vulnerability in the way the certificates are accepted without proper verification of the explicit curve parameters within the certificates. Essentially, this flaw allows an attacker to supply his own generated X.509 certificates by using an “explicit parameters” option to set those curve parameters.
Subscribe & watch the full Podcast:
You can find more about TWiT and subscribe to our full shows at https://twit.tv/shows/