Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures

www.usenix.org

Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures

www.usenix.org

execveat@infosec.pubM to Research@infosec.pubEnglish · 1 year ago

OOXML signatures are rendered pretty much useless due to 3 flaws in specification and 2 flaws in implementation.

“The vulnerabilities have been acknowledged by Microsoft. However, Microsoft has decided that the vulnerabilities do not require immediate attention.”

You must log in or register to comment.

Chat

Research@infosec.pub

research@infosec.pub

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

/r/netsec’s branch in the fediverse.

A community-curated aggregator of technical research. Our mission is to extract signal from the noise.

Only post technical content here. New tools (and major releases of existing ones), novel techniques, deep dives and post mortems are the ideal content. CTF and bug bounty writeups could be acceptable if they showcase lesser known approaches or techniques.

Non-technical content (both beginner and CISO level) will be considered spam.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
6 users / week
6 users / month
6 users / 6 months
1 local subscriber
294 subscribers
9 Posts
1 Comment
Modlog

mods:
execveat@infosec.pub