Die verräterische Null

Robert Merget hat sich in seiner Forschung auf das Verschlüsselungsprotokoll TLS spezialisiert


It’s time you were T0RTT a les­son: Here’s how you could build a bet­ter Tor


Si­cher­heits­lü­cken im In­ter­net­pro­to­koll „IPsec“ iden­ti­fi­ziert.
Cisco patches IOS in re­s­pon­se to boff­ins‘ IKE-bus­ting bre­ak­th­rough
Cisco patches rou­ter OS against new cryp­to at­tack on busi­ness VPNs
Cryp­to Flaw Af­fects Pro­ducts From Cisco, Hua­wei, ZyXEL
This At­tack Has Been Around for 20 Years — And It’s Back Again With The Blei­chen­ba­cher Ora­cle At­tack on VPNs


The Re­gis­ter: F5 DROW­Ning, not wa­ving, in cryp­to fail RO­BOT-An­griff – 19 Jahre alter An­griff auf TLS funk­tio­niert immer noch
For­bes: ‚ROBOT At­tack‘ Ex­po­sed Face­book With 19-Ye­ar-Old Bug — Mas­si­ve Web­sites Still Vul­nerable
Ars Tech­ni­ca: 1998 at­tack that mes­ses with sites’ secret cryp­to keys is back in a big way
The Ha­cker News: ROBOT At­tack: 19-Ye­ar-Old Blei­chen­ba­cher At­tack On En­cryp­ted Web Reintro­du­ced
The Re­gis­ter: I, Robot? Ai­i­iee, ROBOT! RSA TLS cryp­to at­tack pwns Face­book, Pay­Pal, 27 of 100 top do­mains
Se­cu­ri­ty Af­fairs: ROBOT At­tack: RSA TLS cryp­to at­tack wor­ked against Face­book, Pay­Pal, and tens of 100 top do­mains
Bleeping Com­pu­ter: Va­ria­ti­on of 19-Ye­ar-Old Cryp­to­gra­phic At­tack Af­fects Face­book, Pay­Pal, Others
Threat­Post: 19-Ye­ar-Old TLS Vul­nerabi­li­ty Wea­kens Mo­dern Web­site Cryp­to
SC Ma­ga­zi­ne: TLS ex­ploit ‚ROBOT‘ ca­pi­ta­li­zes on 19-ye­ar-old vul­nerabi­li­ty; ven­dors issue patch
heise: RO­BOT-At­ta­cke: TLS-An­griff von 1998 funk­tio­niert immer noch Gam­mel kryptosårbar­het er til­ba­ke. Face­book blant

Ha­cking Prin­ters

We don’t want to alarm you, but Post­Script makes your prin­ter an at­tack vec­tor
Your Prin­ter Can Steal and De­face Your Do­cu­ments
For­scher: Si­cher­heits­lü­cken in Netz­werk­dru­ckern er­lau­ben Da­ten­dieb­stahl
Stel­len Sie so­fort das Dru­cken ein! Schock-Nach­richt von deut­schen For­schern

Grup­pen­chats in In­stantm­es­sa­ging

Whats­App und Si­gnal: For­scher be­schrei­ben Schwä­chen ver­schlüs­sel­ter Grup­pen­chats
Whats­App ‚bug‘ rai­ses ques­ti­ons over group mes­sa­ge pri­va­cy

Text­Se­cu­re (Si­gnal)

Au­di­tors find en­cryp­ted chat cli­ent Text­Se­cu­re is se­cu­re