After presenting our work at Real World Crypto 2018 [1]
and seeing the enormous press coverage, we want to get two things
straight: 1. Most described weaknesses are only exploitable by the malicious
server or by knowing a large secret number and thereby the protocols are still very secure (what we wrote in the paper but some newspapers did not adopt) and 2. we see ways to enhance the WhatsApp protocol without breaking its features.
Subscribe to:
Posts (Atom)
Beliebte Posts
-
When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...
-
Inspired by James Kettle 's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security i... -
Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medic... -
In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks: We complete... -
One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is n...