Vector drawing of a zip file with bugs flying out of it

vulns.zip

Free all the bugs!

13 Nov 2023
Obvious vulnerabilities in self-proclaimed “most secure messenger”ginlo proclaims itself as the “most secure messenger”, for healthcare but also personal use, while lacking commonplace protections in the protocol and implementation of their mobile and web apps. Most issues were reported to ginlo on August 15th with a 90-day disclosure deadline, to which they said they were already aware of most of them. Besides swapping out an old PDF reader dependency, no fixes have been implemented at the time of writing.
14 Aug 2021
Pitfalls of rolling your own E2EE protocolAn analysis of an e2ee chat app that used a non-cryptographically secure RNG and offered no way to verify keys.