security vulnerability

Knights and Knaves Run Elections: Internet Voting and Undetectable Electoral Fraud (IEEE article)

2019/07/04: Institute of Electrical and Electronics Engineers's article on the vulnerability found in the Swiss Post e-voting system, the security of e-voting systems and how to build a trustworthy e-voting system.

Reference: ...Read more

How not to prove your election outcome (SwissPost voting system 2nd vuln reporte)

2019/03/25: Public vulnerability report in the SwissPost e-voting system. Explanation and proof of the vulnerability. This is the second report showing vulnerabilities in this e-voting system by the security researchers team of Sarah Jamie Lewis, Vanessa Teague, and Olivier Pereira.

...Read more

Error in the source code discovered and rectified (Swiss Post press release)

2019/03/12: Swiss Post official press release reacting to the vulnerability found by security researchers during the public intrusion test on their e-voting system.Read more

Release of source code leads to discovery of flaw in Swiss Post’s new e-voting system (Federal Chancellery press release)

2019/03/12: Federal Chancellery official press release about the flaws found in the Swiss Post e-voting system. The Federal Chancellery calls for Swiss Post to review and improve it's system's security process and "will review the relevant certification and authorization procedures." The...Read more

Gravierender Mangel am E-Voting-System der Post entdeckt (Republik article)

2019/03/12: Republik article about the vulnerability reported by  security researcher in the Swiss Post e-voting systemRead more

efail: Outdated Crypto Standards are to blame (Hanno's blog)

2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME,Read more

Trapdoor commitments in the SwissPost e-voting shuffle proof

2019/03/12 : Report of researchers who found a vulnerability in the SwissPost e-voting shuffle. The trapdoor commitment scheme allows an undetectable vote manipulation.

Full version hereRead more

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register Comments section)

2018/05/14: Comments section under the article of The Register "S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats"Read more

No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)

2018/05/15: Article going through why PGP isn't "broken" even though vulnerabilities have been found in it. 

Reaction to this article available here : https://cva.unifr.ch/content/no...Read more

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more

Subscribe to security vulnerability