Today we proudly share the results of our security audit of LibVLC. With auditing by @trailofbits and funding provided by the @sovtechfund, LibVLC received scoped security work, custom tools and fixes, and documentation for future security development.

Read more about the work performed on the open source core engine and foundation of VLC media player on our blog: https://ostif.org/libvlc-audit-complete/

#OSTIF #libVLC #TrailofBits #SovereignTechAgency

LibVLC Audit Complete! – OSTIF.org

source: 404media.co/a-secure-chat-apps…

The #Swisscows CEO confirmed a “technically possible but artificially constructed scenario.” Trail of Bits, for its part, refers to a “misrepresentation” of the #exploit by Swisscows: “The core problem is that Teleguard’s server has all the information needed to decrypt every user’s private key and read every message,” said #DanGuido, co-founder and CEO of #TrailOfBits.

#teleguard #chat #messenger #security #encryption #hack #hacker #software #fail #omg #wtf #news #meme #bug #internet #spy #attack #end2end #rsa

👨‍💻 Wow, an "amazing" discovery: code has bugs 🐞—who would've guessed?! 🎉 Trail of Bits bravely announces they used a tool to find issues, as if highlighting a #zero-day is akin to finding Waldo in a single-page book. 🤦‍♂️
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/ #amazingdiscovery #codebugs #TrailofBits #findings #softwareissues #HackerNews #ngated

We found cryptography bugs in the elliptic library using Wycheproof

Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.

The Trail of Bits Blog

FHE.org would like to thank Trail of Bits for their continued sponsorship this year (and last!) of the FHE.org 2026 conference.

Sponsorships like Trail of Bits' make it possible to provide a high quality conference with great speakers and to waive registration fees for all students.

Find out more information about Trail of Bits at https://trailofbits.com.

Don't forget to RSVP for your ticket to the FHE.org 2026 conference in Taipei, Taiwan, on March 8th!

https://luma.com/fhe-org-conference-2026-tickets

#FHE #HomomorphicEncryption #FHE2026 #TrailofBits

Sneak peek: A new ASN.1 API for Python

We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs.

The Trail of Bits Blog

huh #trailofbits did an audit of #simplex - only the "protocol spec" https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf

quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it. the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?

simplex-chat/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf at stable · simplex-chat/simplex-chat

SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱! - simplex-chat/simplex-chat

GitHub

A deep dive into Linux’s new mseal syscall

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including […]

The Trail of Bits Blog

LeftoverLocals: Apple, AMD and Qualcomm GPUs affected by security vulnerability

Experts have discovered a vulnerability called LeftoverLocals. It allows data to be read out of GPUs from Apple, Qualcomm and AMD

Tarnkappe.info

I truly enjoyed reading Trail of Bits' blog post on their security audit of #curl ( https://blog.trailofbits.com/2022/12/22/curl-security-audit-threat-model/ ) and @bagder's answer on his blog ( https://daniel.haxx.se/blog/2022/12/21/the-2022-curl-security-audit/ ).
This is the way security audits should be handled, keeping clarity, addressing critical flaws, and working together towards a common path, software security and reliability.

#infosec #trailofbits

How to share what you’ve learned from our audits

By Nick Selby. Trail of Bits recently completed a security review of cURL, which is an amazing and ubiquitous tool for transferring data. We were really thrilled to see cURL founder and lead develop…

Trail of Bits Blog