Great research! 14 GPG vulnerabilities found in one year and only some of them have been fixed. GnuPG doesn't sign their own commits 🤦♂️ #39c3
Chatkontrolle - Ctrl+Alt+Delete by Khaleesi & Markus Reuter
The speakers have published more than 300 articles on this really important topic regarding our privacy and digital rights.
A Tale of Two Leaks: How Hackers Breached the Great Firewall of China by Jade Sheffey #39c3
🧵
Walkthrough of a vulnerability where for any signed message, an attacker can create a cleartext signature with any content that verifies correctly for the original signer. This has been reported but no patch is currently available. #39c3
321 971 people signed a petition against Chat Control. One of the German politicians also made a speech about the large volume of emails that he received in opposition to the law. #39c3
Walkthrough of a plaintext attack on detached signatures which allows the marking of unsigned content as verified. This has been reported and has been patched but is not in the latest version. #39c3
If you are doing your own "research" you need to be careful as there can be high voltage that is not grounded. Using isolated equipment is recommended. These machines have spinning parts and as the rest of the family uses them, you should exercise caution. #39c3
"Awards" to the people and organizations that have spread lies, disinformation and have led to lobby efforts in support of chat control. #39c3
Chat control is effectively breaking end-to-end encryption by implementing client-side scanning. It also goes a lot further into network censorship which we have been fighting for the last 20 years. Targeted scanning could also be possible under the law. #39c3
GPG has several use cases for dependencies and verifying downloads among others. Its attack surface around having correct parsing, authentication, encryption and PGP as a CLI / Tool library. #39c3