I don't so much care about OOXML signatures per se (maybe there's some European government that relies on them, but I've never seen a signed .DOCX in real life), but this paper is super useful just as a record of how to test a signature system.

https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann

Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures | USENIX

@tqbf i think the same people (?) did PDFs too: https://www.youtube.com/watch?v=0Le6Q14MV_k
On the security of PDF Signatures

@leftpaddotpy Ruhr has been kicking ass these last few years.