Jens Müller

Lol. @HackenProof a reputable bug bounty platform sends out invites for their program to attack Russian critical infrastructure (SCADA, banks, energy). Crazy times & Happy hunting. #StandingWithUkraine hackenproof.com/ukraine-will-w…

Angreifer könnten digitale Unterschrift in LibreOffice und OpenOffice fälschen heise.de/news/Angreifer… #LibreOffice #OpenOffice

If you build #Ghostscript from source, apply this patch to counter the latest RCE (now known as CVE-2021-3781): git.ghostscript.com/?p=ghostpdl.gi…

0day RCE in #Ghostscript going wild. This issue was found independently by @emil_lerner and @jensvoid. Fun fact: GS is everywhere. Even LESS(1) is affected.

@RDerenzy @emil_lerner ImageMagick is *not* required (but can be used as a vector to call Ghostscript). The 9.50 to 9.54 releases are vulnerable. I don't use Windows.

@jensvoid @emil_lerner There is just so much lack of info here.... Is imagemagick needed to exploit? Does 9.54 fix this (probably not) What about windows running ghost script

@1AKDJ @emil_lerner Kali Rolling (less 551); likes to convert all kinds of obscure file types to plain text before displaying to the user; thereby increasing the attack surface

@jensvoid @emil_lerner Crazy! what distro and/or version of less?

@lambdafu & @jurajsomorovsky evaluate the real-world attack surface of web browsers and widely-deployed email and FTP servers in lab experiments and with internet-wide scans in this #BHUSA Briefing informatech.co/3cy70QQ

@mniemietz @HGI_Bochum @HSNiederrhein Congrats Marcus, and thanks for shepherding me into @HGI_Bochum back in the days!

We found another flaw in the design of TLS! If you have servers that share certificates across services you might want to take a look at this: alpaca-attack.com. 🧵👇

New paper: "ALPACA: Application Layer Protocol Confusion -Analyzing and Mitigating Cracks in TLS Authentication" to be presented @USENIXSecurity '21. Joint work with @lambdafu @dr4ys3n @ic0nz1 @dues__ @jensvoid @jurajsomorovsky @JoergSchwenk. 1/

"PhD Defense" can finally be crossed off that to-do list. So long @HGI_Bochum, and thanks for all the fish!

@nitro_sam @Klose7 Please read your emails to security@gonitro.com (RCE in Nitro Reader/Pro; never got an answer)

@Klose7 We sure do. Email security@gonitro.com. Details can be found here too: #securityUpdates" target="_blank" rel="nofollow noopener">gonitro.com/product/downlo…. Feel free to DM me if any issues.

New paper on how to fix #efail style attacks against e2e encrypted email, including OpenPGP and S/MIME. Joint work with @JoergSchwenk @lambdafu @dues__ @jensvoid @jurajsomorovsky @seecurity. To be presented at @acm_ccs 2020. Thread:

Datenklau über Mailto-Links heise.de/news/Datenklau… #Datenklau #EMail

My fault. Even though Thunderbird removed the mailto:?attach feature, it still seems present in distros that apply xdg-email to parse mailto URLs. Thanks to @j_o_n__w and @Ug_0Security for all the debugging :). Original report for Thunderbird now public: bugzilla.mozilla.org/show_bug.cgi?i…

Have you ever heard of the mailto:?attach=~/… parameter? It allows to include arbitrary files on disk. So, why break PGP if you can politely ask the victim's mail client to include the private key? (1/4)

@j_o_n__w @Ug_0Security Sry, the line is "ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach='..." in the run_thunderbird() function of xdg-email. Thanks.

@j_o_n__w @Ug_0Security Can you confirm that you are using xdg-email (e.g., by commenting out line 51 in /usr/bin/xdg-email and then testing if it still works)?

@j_o_n__w @Ug_0Security This is bad. It had been fixed in/by TB in the past. But imho xdg-email re-opens the attack surface: #L51" target="_blank" rel="nofollow noopener">gitlab.freedesktop.org/xdg/xdg-utils/…

E-Mail: Gefährliche Mailto-Links können Daten stehlen #mailto glm.io/150326?t

@JamesHenstridge @jensvoid Yes. See me other answer, for some reason this escaped KDE Security Team radar and i thought it had not been reported to KDE while it had indeed been.