security vulnerability

New finding in the source code (Swiss Post article)

2019/03/25: Swiss Post article reacting to the second vulnerability report in its e-voting system. Report: https://cva.unifr.ch/content/how-not-prove-your-election-outcome-...Read more

No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)

2018/05/15: Article going through why PGP isn't "broken" even though vulnerabilities have been found in it. 

Reaction to this article available here : https://cva.unifr.ch/content/no...Read more

Error in the source code discovered and rectified (Swiss Post press release)

2019/03/12: Swiss Post official press release reacting to the vulnerability found by security researchers during the public intrusion test on their e-voting system.Read more

PGP und S/MIME: E-Mail-Verschlüsselung akut angreifbar (Heise Security article)

2018/05/14: Article on the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

EFAIL bundle

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature (The Hacker News article)

2018/06/15: Article about the SigSpoof vulnerability which makes it possible for attackers to fake digital signaturesRead more

efail: Outdated Crypto Standards are to blame (Hanno's blog)

2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME,Read more

Trojan Source: Invisible Vulnerabilities (Boucher and Anderson article)

2021/10/30 : Nicholas Boucher and Ross Anderson "present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye." This new threat has been called 'Trojan Source'.

Read more

Improving the Security of Your Site by Breaking Into it

"In this paper we will take an unusual approach to system security. Instead of merely saying that something is a problem, we will look through the eyes of a potential intruder, and show why it is one. We will illustrate that even seemingly harmless network services can...Read more

Email Is Dangerous (The Atlantic article)

2018/05/21: Article on who is concerned by the EFAIL vulnerabilities and why email, in general, isn't securedRead more

Subscribe to security vulnerability