Collaborate Disseminate
[Samuel]’s first foray into making DIY hardware authentication tokens was a great success, but he soon realized that a device intended for everyday carry and use has a few different …read more Continue reading TurtleAuth DIY Security Token Gets (Re)designed for Durable, Everyday Use
GnuPG has a serious vulnerability, in a library also used elsewhere: Libgcrypt 1.9.0 contains a classic programming error.
The post Bad Security Bug in GnuPG: C Language Blamed (Yet Again) appeared first on Security Boulevard.
Continue reading Bad Security Bug in GnuPG: C Language Blamed (Yet Again)
Many, if not most, Linux distros will be affected. Users of other operating systems should check for software that uses libgcrypt. Continue reading GnuPG crypto library can be pwned during decryption – patch now!
Feeling the cost of commercial options like the YubiKey and Nitrokey were too high, [TheStaticTurtle] started researching DIY alternatives. He found an open source project allows the STM32F103 to act as a USB cryptographic token for GNU Privacy Guard, which was a start. All he had to do was build …read more
From the gaping maw of the infosec Twitterverse comes horrifying news. PGP is broken. How? We don’t know. When will there be any information on this vulnerability? Tomorrow. It’s the most important infosec story of the week, and it’s only Monday. Of course, this vulnerability already has a name. Everyone else is calling it eFail, but I’m calling it Fear, Uncertainty, and Doubt.
[Sebastian Schinzel] announced on Twitter today he will be announcing a critical vulnerability in PGP/GPG and S/MIME email encryption. This vulnerability may reveal the plaintext of encrypted emails. There are currently no fixes — but there’s no …read more
Continue reading PGP Vulnerability Pre-announced by Security Researcher
Hackers that can intercept your encrypted emails, or steal your emails from your computer or a server, may be able to decrypt them taking advantage of new vulnerabilities found in the way some email clients treat HTML. Continue reading People Are Freaking Out That PGP Is ‘Broken’—But You Shouldn’t Be Using It Anyway
The Efail attack on encrypted emails is sneaky, but it doesn’t seem to be all that it’s hyped up to be.
Continue reading Despite Efail, the sky is not falling
Brace yourself, there’s a security scare involving encrypted email that could see your past sensitive messages exposed.
It’s name? “Efail.”
Continue reading Critical vulnerabilities in PGP/GPG and S/MIME email encryption, warn researchers
Encryption is one of the pillars of modern-day communications. You have devices that use encryption all the time, even if you are not aware of it. There are so many applications and systems using it that it’s hard to begin enumerating them. Ranging from satellite television to your mobile phone, from smart power meters to your car keys, from your wireless router to your browser, and from your Visa to your Bitcoins — the list is endless.
One of the great breakthroughs in the history of encryption was the invention of public key cryptography or asymmetrical cryptography in the 70’s. …read more
Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data.
Gnu Privacy Guard (GnuPG or GPG) is popul… Continue reading Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library
