security vulnerability

Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts (blog post)

2019/07/30: Mohd Haji's blog post on one of findings in Paypal. Explanation of the vulnerability he found and the steps he took.Read more

How To Turn PGP Back On As Safely As Possible (EFF article)

2018/05/29: EFF recommendation for PGP users on how to react to the EFAIL vulnerabilities disclosureRead more

Efail or OpenPGP is safer than S/MIME (W. Koch email)

2018/05/14: Werner Koch statement on EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature (The Hacker News article)

2018/06/15: Article about the SigSpoof vulnerability which makes it possible for attackers to fake digital signaturesRead more

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more

PGP und S/MIME abschalten (Golem article)

2018/05/14: Article on the disclosed vulnerabilities in OpenPGP and S/MIMERead more

What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)

2018/05/24: Article on EFAIL vulnerability, email vulnerabilities and the patching of those vulnerabilities. It questions the safety of emails in generalRead more

Statement on Efail research (Gpg4win)

2018/05/17: Gpg4win statement regarding the EFAIL vulnerabilities and its media coverageRead more

Subscribe to security vulnerability