Follow

Mailto: Me Your Secrets. Three attacks on OpenPGP and S/MIME implementations:

nds.ruhr-uni-bochum.de/media/n (PDF file)

The paper describes three attacks on OpenPGP and S/MIME implementations to replace certificates, sign arbitrary messages, or exfiltrate private keys.

@infosechandbook
I wonder why Thunderbird for Windows and FairEmail for Android isn't listed.

@infosechandbook
How old is that list? Iirc claws-mail saving unencrypted drafts was patched long time ago.

@outofcreativity

The list is from the paper, released 5 days ago.

As security researches usually work with affected vendors to fix the vulnerabilities before releasing their findings, the current software should be patched in most cases.

Sign in to participate in the conversation
chaos.social

chaos.social – a Fediverse instance for & by the Chaos community