vulnerability disclosure

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1)

Description of attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGPRead more

Encrypted Email Has a Major, Divisive Flaw (Wired article)

2018/05/14: Article on the story of the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

Researchers Find Critical Backdoor in Swiss Online Voting System (Motherboard article)

2019/03/12: Motherboard article about critics concerning Swiss Post e-voting systemRead more

SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (NeoPG blog post)

2018/06/13: Blog post on the "SigSpoof". Marcus Brinkmann found this vulnerability that allows spoofing “signed” messages that are not actually signed. This post proves the vulnerability and shows the medias' reactionsRead more

PGP und S/MIME: E-Mail-Verschlüsselung akut angreifbar (Heise Security article)

2018/05/14: Article on the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)

2018/05/14: EFF statement regarding the newly disclosed vulnerabilities affecting PGP and S/MIME usersRead more

How not to prove your election outcome (SwissPost voting system 2nd vuln reporte)

2019/03/25: Public vulnerability report in the SwissPost e-voting system. Explanation and proof of the vulnerability. This is the second report showing vulnerabilities in this e-voting system by the security researchers team of Sarah Jamie Lewis, Vanessa Teague, and Olivier Pereira.

...Read more

EFAIL bundle

Ballot box not hacked, errors in the source code – Swiss Post temporarily suspends its e-voting system

2019/03/29 : Swiss Post official press release on their decision to put on hold their e-voting system due to the recent disclosure of vulnerabilities in their source code. Followed by facts and figures on the public intrusion test on the e-voting system.Read more

How Not To Secure An Election (OP Presentation)

2019/10/17: Open Privacy Presentation given by Sarah Jamie Lewis retracing the timeline of events around the Swiss Post e-voting system bug bounty and vulnerability disclosures made by her teamRead more

Subscribe to vulnerability disclosure