vulnerability disclosure

Coordinated Vulnerability Disclosure: Bringing Balance to the Force (Microsoft)

2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated...Read more

Statement on Efail research (Gpg4win)

2018/05/17: Gpg4win statement regarding the EFAIL vulnerabilities and its media coverageRead more

The Cuckoo's Egg, book written by Clifford Stoll

the_cuckoos_egg.jpg

Master-Keyed Lock Vulnerability (AT&T Labs)

2003/01/16 [Revised 2003/01/27] : Matt Blaze publishes in his blog more informations upon Master-Keyed Lock Vulnerability.Read more

EFAIL bundle

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)

PGP und S/MIME abschalten (Golem article)

Major eFail Vulnerability Exposes PGP Encrypted Email -- UPDATED (Forbes article)

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

Efail or OpenPGP is safer than S/MIME (W. Koch email)

#EFail - the security industry and the importance of nuance (HackDefense article)

Encrypted Email Has a Major, Divisive Flaw (Wired article)

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register article)

PGP und S/MIME: E-Mail-Verschlüsselung akut angreifbar (Heise Security article)

No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)

A unified timeline of Efail PGP disclosure events

Efail: What A Disclosure FAIL That Was! (RBS article)

Statement on Efail research (Gpg4win)

Email Is Dangerous (The Atlantic article)

efail: Outdated Crypto Standards are to blame (Hanno's blog)

Die wichtigsten Fakten zu Efail (Golem article)

What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)

How To Turn PGP Back On As Safely As Possible (EFF article)

HTML MAils have no Security Concept and are to blame (Hanno's blog)

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

Encryption? This time it'll be usable, Thunderbird promises (The Register article)

Sebastian Schinzel Tweet about EFAIL vunlerability

Google Vulnerability Report

Google Security Reward - 2015 Year in Review

Google to Pay For Bugs Found in Chromium (Threat post)

Google Ups the Bug Bounty Ante to $3133.7 (Threat post)

Google Open Source Vulnerabilities (OSV)

Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts (blog post)

2019/07/30: Mohd Haji's blog post on one of findings in Paypal. Explanation of the vulnerability he found and the steps he took.Read more

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

L0pht

Hackers keep the heat on Windows NT security (L0pht)

L0pht testimony before the Congress (United States Senate Committee on Governmental Affairs)

L0pht Advisory: release of L0phtCrack for NT (Bugtraq archive)

Whacked Mac collection CD (L0pht)

Into the Breach - Ferdin

L0pht - Wikipedia

‘We Got to Be Cool About This‘: An Oral History of the L0pht (Part One - Fisher paper)

‘Microsoft Was Freaking Out‘: An Oral History of the LØpht -Part Two - Fisher Paper)

Thirty Minutes Or Less: An Oral History of the LØpht, Part Three

'Nothing's Going to Last Forever': An Oral History of the LØpht (Part Four- Fisher paper)

L0pht Advisory: release of L0phtCrack for NT (Bugtraq archive)

1997/04/11 : Aleph One publishes a L0pht advisory on Bugtraq.

This artifact is part of the L0pht Bundle.Read more

Geer Keynote

Geer Keynote at Black Hat 2014 - Cybersecurity as Realpolitik

Black Hat 2014 Keynote: Cybersecurity as Realpolitik (on Geer Keynote)

Geer Keynote at Black Hat 2014 - Cybersecurity as Realpolitik (transcription)

Efail: What A Disclosure FAIL That Was! (RBS article)

2018/05/16: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more