Jens Müller

@jensvoid

PhD student . Printer dude. Raw tech. No chit-chat.

Bochum
Vrijeme pridruživanja: ožujak 2013.

Tweetovi

Blokirali ste korisnika/cu @jensvoid

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @jensvoid

  1. proslijedio/la je Tweet
    10. pro 2019.
    Poništi
  2. proslijedio/la je Tweet
    6. pro 2019.
    Poništi
  3. proslijedio/la je Tweet
    26. stu 2019.

    Warum "verschlüsselt und signiert" nicht zwangsläufig auch "vertraulich und authentisch" bedeutet, zeigen uns , und in ihrem Talk "How to break PDF security" auf dem German OWASP Day! Infos und Tickets unter "

    Poništi
  4. proslijedio/la je Tweet
    5. pro 2019.

    PDF security: "We tested 27 PDF viewers and found all of them vulnerable to at least one of our attacks.” Both Foxit and Adobe Reader susceptible to attacks albeit *with* user interaction. — Jens Müller and Fabian Ising at Black Hat Europe 2019

    PDFs are as popular as the Queen (UK Google search results)
    Poništi
  5. proslijedio/la je Tweet
    5. pro 2019.

    PDF security weakness: The specification means every reader allows partial encryption, or mixing encrypted and unencrypted content, warn Jens Müller and Fabian Ising at Black Hat Europe 2019

    Poništi
  6. proslijedio/la je Tweet
    5. pro 2019.

    Pdf versus the Queen 👑 they didn't talk about the corgies doggos

    Poništi
  7. 16. stu 2019.

    How to "break" PGP and S/MIME mail the easy way (no math). A video of my talk at just got released:

    Poništi
  8. proslijedio/la je Tweet
    12. stu 2019.

    If you did not catch my talk on PDF encryption at today: I will also be presenting a longer version at in London with and a signature/encryption combination at in Leipzig with .

    Poništi
  9. proslijedio/la je Tweet
    30. ruj 2019.

    Btw. You can test your PDF application of choice using the exploits we have uploaded (Password: pass):

    Poništi
  10. 2. lis 2019.
    Poništi
  11. proslijedio/la je Tweet
    Poništi
  12. proslijedio/la je Tweet
    30. ruj 2019.
    Odgovor korisniku/ci

    Can we please just go back to plain text emails? :-/

    Poništi
  13. 30. ruj 2019.

    If you use S/MIME, update Thunderbird. Here's yet another way to exfiltrate the plaintext of encrypted emails in the never-ending post- arms race... (CVE-2019-11739)

    Poništi
  14. proslijedio/la je Tweet
    30. ruj 2019.

    Sicherheitslücke: Angreifer können verschlüsselte PDF-Daten leaken

    Poništi
  15. 30. ruj 2019.
    Poništi
  16. proslijedio/la je Tweet

    Sicherheitslücken in der : Forscher von und haben 27 gängige PDF-Reader getestet. Diese Anwendungen sind betroffen: ^sk

    Poništi
  17. proslijedio/la je Tweet
    30. ruj 2019.

    Thanks to for helping with the disclosure! 9/9

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    30. ruj 2019.

    Main mitigations on PDF standard level are: a) remove partial encryption and b) define and enforce authenticated encryption. 8/n

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    30. ruj 2019.

    As a result, 27/27 PDF viewers were vulnerable (14 without user interaction, 13 with user interaction). 7/n

    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet
    30. ruj 2019.

    This works because a) the PDF standard allows a mix of plaintext and encrypted content b) it defines no authentication method for encryption (i.e. not MAC) and c) it allows fetching content from and posting content to remote HTTP servers. 6/n

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·