Security advisory: Signal IDN homograph attack

Security advisory

Advisory information Title: Signal IDN homograph attacks Advisory reference: BLAZE-01-2019 (CVE-2019-9970) Product: Signal Disclosure mode: Coordinated disclosure Product Description The signal is an encrypted communications app for Android and iOS. A desktop version is also available for Linux, Windows, and macOS. It uses the Internet to send one-to-one and group messages, including files, voice notes, […]

Homographs Attack: What you see is not what you get

homographs attack

Introduction Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN over two decades ago, a series of brand new security implications were also brought into the light together with the possibility of registering domain names using different alphabets and Unicode characters. When researching the feasibility of […]

Security advisory: Porteus Kiosk security restrictions bypass

bug bw

Advisory information Title: Porteus Kiosk security restrictions bypass Advisory reference: BLAZE-01-2017 Product: Porteus Kiosk Disclosure mode: Coordinated disclosure Product description Porteus Kiosk is a popular lightweight Linux designed to be used as a kiosk solution. It implements several restrictions with the intent to prevent malicious users to modify the configuration of the Firefox browser and […]