vulnerability disclosure

#EFail - the security industry and the importance of nuance (HackDefense article)

2018(05/14: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature (The Hacker News article)

2018/06/15: Article about the SigSpoof vulnerability which makes it possible for attackers to fake digital signaturesRead more

Swiss Post puts e-voting on hold after researchers uncover critical security errors

2019/04/05: The Daily Swig article reviewing the controversies surrounding the Swiss Post public intrusion test for their e-voting systemRead more

What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)

2018/05/24: Article on EFAIL vulnerability, email vulnerabilities and the patching of those vulnerabilities. It questions the safety of emails in generalRead more

efail: Outdated Crypto Standards are to blame (Hanno's blog)

2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME,Read more

EFAIL bundle

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1)

Description of attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGPRead more

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts (blog post)

2019/07/30: Mohd Haji's blog post on one of findings in Paypal. Explanation of the vulnerability he found and the steps he took.Read more

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

PGP und S/MIME abschalten (Golem article)

2018/05/14: Article on the disclosed vulnerabilities in OpenPGP and S/MIMERead more

Subscribe to vulnerability disclosure