🔥Telegram İfşa

Sicherheitsupdate: LibreOffice könnte private Daten gefährden heise.de/security/meldu… #OfficeSuite #Patch

Together with @murgi, @chearix, vladislav mladenov, Sebastian Schinzel @[email protected], and @joergschwenk, we had a look at the capabilities of malicious OOXML and ODF documents, resulting in a WOOT Paper: usenix.org/system/files/w… | Artifacts: github.com/RUB-NDS/Office…

TL;DR: One-click pure logic chain code execution in LibreOffice (CVE-2020-12803)

You can even leak complete directories in some mail clients. Interestingly, Evolution shows a warning if you want to include a single file, but the full home directory is fine. (2/4)

Such *simple stupid* mailto:?attach tricks worked in Thunderbird for Debian, GNOME Evolution (CVE-2020-11879), KDE KMail (CVE-2020-11880), IBM/HCL Notes (CVE-2020-4089), and Pegasus Mail. (3/4)

This flaw, among others, is described in our IEEE CNS paper "Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption" with -, Damian Poddebniak, Sebastian Schinzel @[email protected], and @joergschwenk: nds.ruhr-uni-bochum.de/media/nds/vero… (4/4)

James Henstridge Jens Müller Yes. See me other answer, for some reason this escaped KDE Security Team radar and i thought it had not been reported to KDE while it had indeed been.

E-Mail: Gefährliche Mailto-Links können Daten stehlen #mailto glm.io/150326?t

Datenklau über Mailto-Links heise.de/news/Datenklau… #Datenklau #EMail

New paper on how to fix #efail style attacks against e2e encrypted email, including OpenPGP and S/MIME. Joint work with Jörg Schwenk - Damian Poddebniak Jens Müller juraj somorovsky Sebastian Schinzel @[email protected]. To be presented at ACM CCS 2025 2020. Thread:

"PhD Defense" can finally be crossed off that to-do list. So long Horst Goertz Institute for IT Security, and thanks for all the fish!

New paper: "ALPACA: Application Layer Protocol Confusion -Analyzing and Mitigating Cracks in TLS Authentication" to be presented USENIX Security '21. Joint work with - Christian Dresen @ic0nz1 Damian Poddebniak Jens Müller juraj somorovsky Jörg Schwenk. 1/

We found another flaw in the design of TLS! If you have servers that share certificates across services you might want to take a look at this: alpaca-attack.com. 🧵👇

- & juraj somorovsky evaluate the real-world attack surface of web browsers and widely-deployed email and FTP servers in lab experiments and with internet-wide scans in this #BHUSA Briefing informatech.co/3cy70QQ

Angreifer könnten digitale Unterschrift in LibreOffice und OpenOffice fälschen heise.de/news/Angreifer… #LibreOffice #OpenOffice

Lol. HackenProof a reputable bug bounty platform sends out invites for their program to attack Russian critical infrastructure (SCADA, banks, energy). Crazy times & Happy hunting. #StandingWithUkraine hackenproof.com/ukraine-will-w…