A talk from the hacker conference 39C3 about security vulnerabilities found in GPG (GnuPG) and similar tools.

They showed 14 vulnerabilities (9 of them are 0-days) 🤯.

Their website: https://gpg.fail/

(in English)

  • ReginaPhalange@lemmy.worldEnglish
    1·
    9 hours ago

    At 09:10 - they demonstrate injecting text that does not break signatures - by appending text after manually inserting null terminator.

    • Is null terminator a character that can be inserted using any enhanced text editor? How do I do that in vim?
    • They go on to say that \v\r is not a new line - but actually I thought that Unix style of text documents end a line that way (\r)?