These #GnuPG vulns are awesome for embedded hacking. Firmware update mechanisms often rely on PGP signatures. Now that there are multiple ways to forge one, I am looking forward to more devices getting liberated. 🥳
Flüpke
The #39C3 “To sign or not to sign” talk is excellent. 👏
IMHO: Avoid PGP altogether, especially #GnuPG. Avoid memory-unsafe programming languages wherever feasible.
It is mind-boggling that the gpg team / g10 Code GmbH refuses to fix all vulnerabilities, given that their @npub1prv4...5px6 certification and thus their business model are at risk.
Also goes to show that BSI certifications are worthless. Quelle surprise?
gpg.fail