Oracle Employee Wrecked Socat Security

Kaspersky's Threatpost reports that Oracle employee Zhiang Wang introduced a patch to the Open Source socat utility which broke its security by changing a hard coded Diffie-Hellman prime number to a 1024 bit number that is not prime (archived). While substantial discussion is occurring around whether the change was introduced to create backdoor, the change as a point of fact broke the security promised by socat.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>