Do you like crypto? Are you interested in new attack techniques? Then this is something for you: We present raccoon-attack.com, a novel cryptographic vulnerability in the SPECIFICATION of TLS. Credits: Marcus Brinkmann, Nimrod Aviram, juraj somorovsky, Johannes Mittmann, Jörg Schwenk
Do you want to learn how to break PDF security?
Come to the PDF Attack session ACM CCS 2024 in Kings Balmoral
I'll give the talk at 11am on breaking PDF signature followed by Fabian's talk on breaking PDF encryption.
/cc vladislav mladenov Martin Grothe Jens Müller Sebastian Schinzel Jörg Schwenk
ODF Documents can be protected with a digital signature.
What can go wrong?
Find out in Simon's USENIX Security talk (Track 1, 9:40):
Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
Joint work w vladislav mladenov+Jörg Schwenk
New paper 'Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails' at USENIX Security '19. Joint work with Jens Müller Marcus Brinkmann Damian Poddebniak hanno Sebastian Schinzel juraj somorovsky Jörg Schwenk | PDF: github.com/RUB-NDS/Johnny… | Artifacts: github.com/RUB-NDS/Johnny…
New paper: 'ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication' to be presented at USENIX Security '21. Joint work with Marcus Brinkmann Christian Dresen Robert Merget Damian Poddebniak Jens Müller juraj somorovsky Jörg Schwenk. 1/
New paper on how to fix #efail style attacks against e2e encrypted email, including OpenPGP and S/MIME. Joint work with Jörg Schwenk Marcus Brinkmann Damian Poddebniak Jens Müller juraj somorovsky Sebastian Schinzel. To be presented at ACM CCS 2024 2020. Thread:
We started to receive questions from customers regarding this CVE and on the surface, it sounded quite scary.
Patches done to almost every SSH server out there, but no mention of Network OSes.
So I decided to help researchers Fabian Bäumer Marcus Brinkmann and Jörg Schwenk by assessing
Finally we can share TLS-Anvil. It started two years ago as my master thesis and is now part of USENIX 22. What a cool journey! Thanks for seeing so much potential in the project and all the work that went into it! Marcel Maehren Robert Merget juraj somorovsky Jörg Schwenk Sven Hebrok
Wouldn't it be a good idea if crypto and security profs of German universities write an open letter together? #ContactTracing Tibor Jäger, @CasCremers, Sebastian Schinzel, Jörg Schwenk, Eike Kiltz, Thorsten Holz, Christof Paar, juraj somorovsky, @profbodden, Jean Paul Degabriele,...
Insecure Features in PDFs.
We analyzed legitimate PDF features leading to 1. Denial of Service 2. Information Disclosure 3. Data Manipulation 4. and Code Execution (NDSS'21 Paper).
web-in-security.blogspot.com/2021/01/insecu…
/cc Jens Müller Dominik Noss, vladislav mladenov, Jörg Schwenk
Congratulations to Fabian Bäumer and Marcus Brinkmann! The Terrapin paper just got accepted for USENIX Security 2024!
Martin Grothe Christian vladislav mladenov Jörg Schwenk Any reason why 2 files are nearly identical ?
Coauthors of the paper are (unsorted) Jens Müller, Sebastian Schinzel, Jörg Schwenk, juraj somorovsky and hanno
Paper: github.com/RUB-NDS/Johnny…
Terrapin Attack
terrapin-attack.com
Published By :- Fabian Bäumer (Fabian Bäumer) Marcus Brinkmann (@lambdafu) Jörg Schwenk (@JoergSchwenk)
#infosec #bugbounty #TogetherWeHitHarder #inbbupdatesblogs
New technical report on interoperable messaging:
Jörg Schwenk and I wrote a comprehensive study for the @BNetzA (German Network Agency) to investigate how security for interoperable messaging can be preserved. We also take the short timeline of the European DMA into account.