Do you remember the https://efail.de/ attacks against S/MIME and OpenPGP encrypted emails? It’s basically that but against encrypted PDFs. Paper: https://www.pdf-insecurity.org/ . #PDFex 2/n
-
The attacker modifies an encrypted PDF and sends it to the receiver. The receiver opens and decrypts the modified PDF and the viewer immediately sends the plaintext of the PDF to the attacker.
#PDFex 3/n
-
Great work! You guys never get tired of breaking all the non-authenticated partial encryption stuff? ;)
-
Seems to be the only way to get rid of it :-)
-
Correct me if I'm wrong. Isn't it enough to sign the encrypted pdf to ensure it has not been modified between the sender and the recipient?
-
Here is the relevant part from the paper regarding the signatures. pic.twitter.com/glReIROqsi
-
Thank you! What is the CVE number for the attack?
-
We aren't aware of any CVEs that were assigned for this.
-
Looks like I have to change the redirect of http://pdf.wtf to https://www.pdf-insecurity.org/