#EFail - the security industry and the importance of nuance (HackDefense article)

2018(05/14: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more

PGP und S/MIME abschalten (Golem article)

2018/05/14: Article on the disclosed vulnerabilities in OpenPGP and S/MIMERead more

efail: Outdated Crypto Standards are to blame (Hanno's blog)

2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME,Read more

EFAIL bundle

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more

HTML MAils have no Security Concept and are to blame (Hanno's blog)

2018/06: Hanno Böck's toughts and opinions on HTML mails and its roles in the EFAIL vulnerabilitiyRead more

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

PGP und S/MIME: So funktioniert Efail (Heise article)

2018/05/14: Heise Security article explaining how EFAIL worksRead more

Subscribe to Efail