[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
From:       Marcus Brinkmann <marcus.brinkmann () ruhr-uni-bochum ! de>
Date:       2019-04-30 12:03:26
Message-ID: be36326e-6705-28e1-a1c3-6e8e9203af04 () ruhr-uni-bochum ! de
[Download RAW message or body]

We demonstrate how an attacker can spoof email signatures in 70% of the
tested clients, including Thunderbird, Outlook with GpgOL, KMail,
Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail,
Roundcube and Mailpile.

Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures
in Emails"

To appear at USENIX Security '19. Joint work with Jens Müller, Marcus
Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj
Somorovsky, Jörg Schwenk.

PDF:
https://github.com/RUB-NDS/Johnny-You-Are-Fired/raw/master/paper/johnny-fired.pdf

Artifacts: https://github.com/RUB-NDS/Johnny-You-Are-Fired

Tracking numbers: CVE-2018-18509, CVE-2018-12019, CVE-2018-12020,
CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588,
CVE-2019-8338, CVE-2018-12356, CVE-2018-12556, CVE-2019-728

Thanks!
Marcus

-- 
Dipl.-Math. Marcus Brinkmann

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum

Telefon: +49 (0) 234 / 32-25030
http://www.nds.rub.de/chair/people/mbrinkmann
[prev in list] [next in list] [prev in thread] [next in thread]