Free all the bugs!
- 13 Nov 2023
- Obvious vulnerabilities in self-proclaimed “most secure messenger” — ginlo proclaims itself as the “most secure messenger”, for healthcare but also personal use, while lacking commonplace protections in the protocol and implementation of their mobile and web apps. Most issues were reported to ginlo on August 15th with a 90-day disclosure deadline, to which they said they were already aware of most of them. Besides swapping out an old PDF reader dependency, no fixes have been implemented at the time of writing.
- 14 Aug 2021
- Pitfalls of rolling your own E2EE protocol — An analysis of an e2ee chat app that used a non-cryptographically secure RNG and offered no way to verify keys.