-
New post by
@internot_ ”Comment on EFAIL”. https://assured.se/2018/05/16/comment-on-efail …#efail -
Thanks to the
#WebsiteError tracking of the#GoogleSearchConsole, I can see, when their are handling errors, or if#Efail actually happens on such an handling. https://www.kktvcam.com/2018/05/15/efail-email-angriff-integrität-garantieren/ …#Webmaster#Developer#Google#HTML#PHP#Encryption#SSL#Vulnerability#Websitesecuritypic.twitter.com/kiWynnBw0b
-
So people consider PGP broken, because Email clients are broken, but not PGP. They say it is more an HTML problem. And recommend signal. https://ivan.barreraoro.com.ar/signal-desktop-html-tag-injection-variant-2/ … Signal had the second HTML problem in that very one
#efail week. Why is journalism so hard for journalists? -
#efail talk@ruhrsec ... Great way to end this fantastic conference. Thanks everyone!pic.twitter.com/psGqYrNIdK
-
It's unfortunate that there's so much noisy yelling about the
#Efail disclosure process. It's a very interesting (and serious) example of a type of feature interaction bug that deserves more attention.Prikaži ovu nit -
A great roundup of the
#efail mess by@violetblue. Yes the problem needs to be fixed (in email clients), but solution is NOT to disable encryption. Like moving yourself and everything you own under a bridge just because one window of your house is stuck.https://www.patreon.com/posts/cybersecurity-15-18814817 … -
This evening in the Cyberus HQ in Dresden: Our special guest Prof. Sebastian Schinzel (
@seecurity) gives tech talk about#efail pic.twitter.com/v97A1akQEn
-
Here. I fixed it.
#efail#effail#efffailpic.twitter.com/WpT4S4Edz7
-
Our first video recording is available on YouTube: "
#Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels" https://youtu.be/KrdljMp2li8#ruhrsec -
Oh no...
@KeybaseIO encourages user's to remove their PGP key because of#efail. AND to make it even more funny, you have to enable loading of external resources to see the skull image in the first place
pic.twitter.com/VD9CdaCAE7
-
This is a good response to the "don't use encrypted mail" nonsense some sprouted in response to
#EFail. Security nihilism doesn't help anyone. https://www.aclu.org/blog/privacy-technology/internet-privacy/encrypted-email-and-security-nihilism … -
The study on Vulnerability Disclosure from
@enisa_eu gives good guidance how to responsibly disclose found vulnerabilities i.e. in software or protocols. https://www.enisa.europa.eu/publications/vulnerability-disclosure … The researchers of#efail did a good job in their research, but not in their approach to disclose. -
Attacks like
#Efail point out where improvements are needed. Important and valuable! But we also need trust between security researchers and developers, if we want people to use better crypto. Do researchers really have to advertise bugs with logos and stickers? This doesn't help -
Against security nihilism: The right solution to this conundrum is to encourage everyone to maintain their computers, not to discourage the use of secure communications https://www.aclu.org/blog/privacy-technology/internet-privacy/encrypted-email-and-security-nihilism …
#Efail -
This is kinda valid for every piece of software, all the time. Next step,
@EFF advises to not use computers because they could be vulnerable at some point?#effail#efffail#efail pic.twitter.com/lcp1fKx3NW
-
#EFail and#Thunderbird, What You Need to Know. This post should answer questions surrounding how you are affected if you are using Thunderbird and what you can do to ensure your encrypted Email is safe from prying eyes. https://buff.ly/2IJdEpK -
"It’s not bad crypto that’s killing OpenPGP. It’s apathy." If you"re interested in OpenPGP at all, may I humbly suggest you read
@robertjhansen's excellent#efail postmortem: https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08 … -
New exploit from
@micahflee: In Apple Mail, cleartext of PGP messages can still be stolen, even with remote content turned off.#efail We have a video demo but are withholding details. https://theintercept.com/2018/05/25/in-apple-mail-theres-no-protecting-pgp-encrypted-messages/ …Prikaži ovu nit -
Efail: HTML Mails have no Security Concept and are to blame https://blog.hboeck.de/archives/894-Efail-HTML-Mails-have-no-Security-Concept-and-are-to-blame.html … (the promised second part of my blogpost miniseries about
#efail)
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.