[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
From: Marcus Brinkmann <marcus.brinkmann () ruhr-uni-bochum ! de>
Date: 2019-04-30 12:03:26
Message-ID: be36326e-6705-28e1-a1c3-6e8e9203af04 () ruhr-uni-bochum ! de
[Download RAW message or body]
We demonstrate how an attacker can spoof email signatures in 70% of the
tested clients, including Thunderbird, Outlook with GpgOL, KMail,
Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail,
Roundcube and Mailpile.
Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures
in Emails"
To appear at USENIX Security '19. Joint work with Jens Müller, Marcus
Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj
Somorovsky, Jörg Schwenk.
PDF:
https://github.com/RUB-NDS/Johnny-You-Are-Fired/raw/master/paper/johnny-fired.pdf
Artifacts: https://github.com/RUB-NDS/Johnny-You-Are-Fired
Tracking numbers: CVE-2018-18509, CVE-2018-12019, CVE-2018-12020,
CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588,
CVE-2019-8338, CVE-2018-12356, CVE-2018-12556, CVE-2019-728
Thanks!
Marcus
--
Dipl.-Math. Marcus Brinkmann
Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum
Telefon: +49 (0) 234 / 32-25030
http://www.nds.rub.de/chair/people/mbrinkmann
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic