security vulnerability

Release of source code leads to discovery of flaw in Swiss Post’s new e-voting system (Federal Chancellery press release)

2019/03/12: Federal Chancellery official press release about the flaws found in the Swiss Post e-voting system. The Federal Chancellery calls for Swiss Post to review and improve it's system's security process and "will review the relevant certification and authorization procedures." The...Read more

How not to prove your election outcome (SwissPost voting system 2nd vuln reporte)

2019/03/25: Public vulnerability report in the SwissPost e-voting system. Explanation and proof of the vulnerability. This is the second report showing vulnerabilities in this e-voting system by the security researchers team of Sarah Jamie Lewis, Vanessa Teague, and Olivier Pereira.

...Read more

HTML MAils have no Security Concept and are to blame (Hanno's blog)

2018/06: Hanno Böck's toughts and opinions on HTML mails and its roles in the EFAIL vulnerabilitiyRead more

No, PGP is not broken, not even with the Efail vulnerabilities (2. Hacker News Forum)

2018/05: Reaction to the Prontomail article "No, PGP is not broken, not even with the Efail vulnerabilities" (artifact available) on Hacker News forum : https://cva.unifr.ch/content/no-...Read more

Statement on Efail research (Gpg4win)

2018/05/17: Gpg4win statement regarding the EFAIL vulnerabilities and its media coverageRead more

Email Is Dangerous (The Atlantic article)

2018/05/21: Article on who is concerned by the EFAIL vulnerabilities and why email, in general, isn't securedRead more

New finding in the source code (Swiss Post article)

2019/03/25: Swiss Post article reacting to the second vulnerability report in its e-voting system. Report: https://cva.unifr.ch/content/how-not-prove-your-election-outcome-...Read more

Trapdoor commitments in the SwissPost e-voting shuffle proof

2019/03/12 : Report of researchers who found a vulnerability in the SwissPost e-voting shuffle. The trapdoor commitment scheme allows an undetectable vote manipulation.

Full version hereRead more

Subscribe to security vulnerability