Two new security audits of #Obsidian Sync by @cure53 and @trailofbits are now available on our Security page.

All findings have been addressed via remediations and disclosures validated by the respective auditors. Read more:
https://obsidian.md/blog/cure53-tob-sync-audits/

@obsidian @cure53 @trailofbits Thanks for posting. Audits are one of the many things that make Obsidian an awesome app.
@obsidian @cure53 @trailofbits Good to see the commitment to routine pen testing and remediation activities. Good work.
@obsidian @cure53 @trailofbits Assuming the metadata is not supposed to be changed by devices who can’t access the file contents, could you not mitigate it by storing metadata in both encrypted and unencrypted form (or storing a signature of unencrypted metadata) to let clients automatically detect (and fix) routing corruption?
Anything but open-sourcing the client huh?