vulnerability disclosure

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1)

Description of attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGPRead more

EFAIL bundle

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more

Trapdoor commitments in the SwissPost e-voting shuffle proof

2019/03/12 : Report of researchers who found a vulnerability in the SwissPost e-voting shuffle. The trapdoor commitment scheme allows an undetectable vote manipulation.

Full version hereRead more

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

A unified timeline of Efail PGP disclosure events

2018/05/16: Timeline of the Efail vulnerabilities disclosures to PGP vendors and usersRead more

PGP: Encryption Program Used by Edward Snowden 'Can Leak Secret Messages' (Newsweek article)

2018/05/14: Newsweek article about EFAIL disclosure.

This article is interesting as it makes the link between the EFAIL disclosure and the emblematic figure of digital rights activist Edward Snowden:

PGP, which is used to scramble the content of sensitive messages and

...Read more
Subscribe to vulnerability disclosure