2018/06/13: Blog post on the "SigSpoof". Marcus Brinkmann found this vulnerability that allows spoofing “signed” messages that are not actually signed. This post proves the vulnerability and shows the medias' reactionsRead more
2018/05/16: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more
EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more
2018/05/14: EFF statement regarding the newly disclosed vulnerabilities affecting PGP and S/MIME usersRead more
2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more
2019/01/04: Article on the developpement of Encryption by ThunderbirdRead more
2018/5/16 - two days after the public disclosure, Heise published a commentary about the disclosure process.
PGP ist nicht kaputt. Wenn man allerdings große Teile der Berichterstattung über die Efail-Lücken verfolgt hat, könnte man zu diesem Schluss...Read more