Multiple Security Vulnerabilities Discovered in GnuPG and PGP Implementations
By todsacerdoti
Summary
A developer (reaper) apologizes for leaving the website's source code at home in the hurry of leaving, which forced a complete rewrite. The article lists multiple security vulnerabilities found in GnuPG (GNU Privacy Guard), including plaintext attacks on detached PGP signatures, path traversal issues, cleartext signature forgery, memory corruption in ASCII-armor parsing, and encrypted message malleability issues. The content appears to be a security advisory or vulnerability disclosure related to PGP/GnuPG implementations.
Key quotes
· in the hurry of leaving i forgot the sites src at home, sorry, had to rewrite the whole thing. expect a nicer site by tomorrow. im patching as we speak.
Multiple Plaintext Attack on Detached PGP Signatures in GnuPG
Cleartext Signature Forgery in the NotDashE