vulnerability disclosure

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register Comments section)

2018/05/14: Comments section under the article of The Register "S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats"Read more

Die wichtigsten Fakten zu Efail (Golem article)

2018/05/22: Article analyzing and answering questions linked to the EFAIL vulnerabilitiesRead more

Statement on Efail research (Gpg4win)

2018/05/17: Gpg4win statement regarding the EFAIL vulnerabilities and its media coverageRead more

"Ceci n’est pas une preuve : The use of trapdoor commitments in Bayer-Groth proofs and the implications for the verifiabilty of the Scytl-SwissPost Internet voting system"

2019/03/12: Report of researchers who found a vulnerability in the SwissPost e-voting shuffle. The trapdoor commitment scheme allows an undetectable vote manipulation. Two examples are shown in the report

Brief Summary hereRead more

A unified timeline of Efail PGP disclosure events

2018/05/16: Timeline of the Efail vulnerabilities disclosures to PGP vendors and usersRead more

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more

What a second flaw in Switzerland's sVote means for NSW's iVote (Pursuit article)

2019/03/25: Pursuit, University of Melbourne, article by Vanessa Teague. The article reacts to the new vulnerability report in the Swiss Post e-voting system and what it means for iVote in New South Wales.Read more

The source code of Swiss Postʼs evoting system was not “leaked”

Swiss Post official blog post refuting the rumors of their source code being "leaked" and summarizing their term of use and vulnerability disclosure policyRead more

#EFail - the security industry and the importance of nuance (HackDefense article)

2018(05/14: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more

EFAIL bundle

Subscribe to vulnerability disclosure