security vulnerability

Email Is Dangerous (The Atlantic article)

2018/05/21: Article on who is concerned by the EFAIL vulnerabilities and why email, in general, isn't securedRead more

Efail or OpenPGP is safer than S/MIME (W. Koch email)

2018/05/14: Werner Koch statement on EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (NeoPG blog post)

2018/06/13: Blog post on the "SigSpoof". Marcus Brinkmann found this vulnerability that allows spoofing “signed” messages that are not actually signed. This post proves the vulnerability and shows the medias' reactionsRead more

Error in the source code discovered and rectified (Swiss Post press release)

2019/03/12: Swiss Post official press release reacting to the vulnerability found by security researchers during the public intrusion test on their e-voting system.Read more

Statement on Efail research (Gpg4win)

2018/05/17: Gpg4win statement regarding the EFAIL vulnerabilities and its media coverageRead more

Swiss Post puts e-voting on hold after researchers uncover critical security errors

2019/04/05: The Daily Swig article reviewing the controversies surrounding the Swiss Post public intrusion test for their e-voting systemRead more

Encrypted Email Has a Major, Divisive Flaw (Wired article)

2018/05/14: Article on the story of the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature (The Hacker News article)

2018/06/15: Article about the SigSpoof vulnerability which makes it possible for attackers to fake digital signaturesRead more

Subscribe to security vulnerability