To sign or not to sign: Practical vulnerabilities in GPG & friends
media.ccc.de
Might contain zerodays. https://gpg.fail/ From secure communications to software updates: PGP implementations such as *GnuPG* ubiquitous...

A talk from the hacker conference 39C3 about security vulnerabilities found in GPG (GnuPG) and similar tools.

They showed 14 vulnerabilities (9 of them are 0-days) 🤯.

Their website: https://gpg.fail/

(in English)

  • ReginaPhalange@lemmy.worldEnglish
    2·
    18 days ago

    At 09:10 - they demonstrate injecting text that does not break signatures - by appending text after manually inserting null terminator.

    • Is null terminator a character that can be inserted using any enhanced text editor? How do I do that in vim?
    • They go on to say that \v\r is not a new line - but actually I thought that Unix style of text documents end a line that way (\r)?