News

The government of Kazakhstan forcefully decrypts part of internet trafficy

On July 2019 the government of Kazakhstan started enforcing a policy where web browser users are forced to install a specific root certificate on their computers. Due to the nature of browser based encryption (SLL/TLS/https) this enables the government to decrypt the traffic.

EFAIL attack on OpenPGP and S/MIME

On May 13, 2018 researchers published findings concerning attack on OpenPGP and S/MIME, see https://www.efail.de : "EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails." and "While it is necessary to change the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws allowing straightforward exfiltration of the plaintext.".