2019/03/25: Swiss Post article reacting to the second vulnerability report in its e-voting system. Report: https://cva.unifr.ch/content/how-not-prove-your-election-outcome-...Read more
2019/03/12: Swiss Post official press release reacting to the vulnerability found by security researchers during the public intrusion test on their e-voting system.Read more
2018/05/14: Article on the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more
EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more
2018/06/15: Article about the SigSpoof vulnerability which makes it possible for attackers to fake digital signaturesRead more
2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME,Read more
2021/10/30 : Nicholas Boucher and Ross Anderson "present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye." This new threat has been called 'Trojan Source'.
"In this paper we will take an unusual approach to system security. Instead of merely saying that something is a problem, we will look through the eyes of a potential intruder, and show why it is one. We will illustrate that even seemingly harmless network services can...Read more