Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 30 Apr 2019 14:03:26 +0200
From: Marcus Brinkmann <>
Subject: Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)

We demonstrate how an attacker can spoof email signatures in 70% of the
tested clients, including Thunderbird, Outlook with GpgOL, KMail,
Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail,
Roundcube and Mailpile.

Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures
in Emails"

To appear at USENIX Security '19. Joint work with Jens Müller, Marcus
Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj
Somorovsky, Jörg Schwenk.



Tracking numbers: CVE-2018-18509, CVE-2018-12019, CVE-2018-12020,
CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588,
CVE-2019-8338, CVE-2018-12356, CVE-2018-12556, CVE-2019-728


Dipl.-Math. Marcus Brinkmann

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum

Telefon: +49 (0) 234 / 32-25030

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.