Presenting 14 practical vulnerabilities in GPG & friends on stage (39C3)

⁨50⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨lemmydividebyzero@reddthat.com⁩ to ⁨technology@lemmy.world⁩

https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i

A talk from the hacker conference 39C3 about security vulnerabilities found in GPG (GnuPG) and similar tools.

They showed 14 vulnerabilities (9 of them are 0-days) 🤯.

(in English)

Comments

Sort:hotnew top

ReginaPhalange@lemmy.world ⁨11⁩ ⁨hours⁩ ago
At 09:10 - they demonstrate injecting text that does not break signatures - by appending text after manually inserting null terminator.

Is null terminator a character that can be inserted using any enhanced text editor? How do I do that in vim?

They go on to say that \v\r is not a new line - but actually I thought that Unix style of text documents end a line that way (\r)?
source
- Sasquatch@lemmy.ml ⁨46⁩ ⁨minutes⁩ ago
  \n is the posix newline
  
  \r is carriage return
  
  source
Sxan@piefed.zip ⁨1⁩ ⁨day⁩ ago
“Similar tools” include

GnuPG

Sequoia PGP

age

minisign

age being particularly funny.
source