In this case, they found a vulnerability in the signature scheme which allowed them to recover a compatible private key. Their signatures are as valid as Sony's own.
Nate Lawson also has a great post on how this can happen, although it's not specific to this case: http://rdist.root.org/2010/11/19/dsa-requirements-for-random...
In this case, they found a vulnerability in the signature scheme which allowed them to recover a compatible private key. Their signatures are as valid as Sony's own.
Nate Lawson also has a great post on how this can happen, although it's not specific to this case: http://rdist.root.org/2010/11/19/dsa-requirements-for-random...