{"generator":"GNU social 2.0.1-beta0","title":"Conversation","totalItems":1,"items":[{"actor":{"id":"https:\/\/mastodon.social\/users\/nwalfield","displayName":"Neal Walfield","status_net":{"avatarLinks":[{"url":"https:\/\/chirp.cooleysekula.net\/theme\/neo-quitter\/default-avatar-profile.png","rel":"avatar","type":"image\/png","width":96,"height":96},{"url":"https:\/\/chirp.cooleysekula.net\/theme\/neo-quitter\/default-avatar-stream.png","rel":"avatar","type":"image\/png","width":48,"height":48},{"url":"https:\/\/chirp.cooleysekula.net\/theme\/neo-quitter\/default-avatar-mini.png","rel":"avatar","type":"image\/png","width":24,"height":24}],"profile_info":{"local_id":"11735"}},"image":{"url":"https:\/\/chirp.cooleysekula.net\/theme\/neo-quitter\/default-avatar-profile.png","rel":"avatar","type":"image\/png","width":96,"height":96},"objectType":"person","summary":"I work on Sequoia, a project to improve the OpenPGP ecosystem.Antifa. Pro democracy. Pro positive and negative liberty.","url":"https:\/\/mastodon.social\/@nwalfield","portablecontacts_net":{"preferredUsername":"nwalfield","displayName":"Neal Walfield","note":"I work on Sequoia, a project to improve the OpenPGP ecosystem.Antifa. Pro democracy. Pro positive and negative liberty."}},"content":"
Thunderbird recently issued two CVEs related to unencrypted secret key material. In CVE-2021-29956, TB forgot to encrypt the secret key material for newly imported keys. In CVE-2021-29950, which introduced the previous CVE, they forgot to reprotect secret key material in memory. In this blog post, I discuss what we can learn. https:\/\/sequoia-pgp.org\/blog\/2021\/05\/22\/202105-a-look-at-two-recent-cves-in-thunderbirds-openpgp-support\/<\/a><\/p>","generator":{"id":"tag:chirp.cooleysekula.net,2024-03-29:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mastodon.social\/users\/nwalfield\/statuses\/106279787076422771","object":{"id":"https:\/\/mastodon.social\/users\/nwalfield\/statuses\/106279787076422771","objectType":"note","content":" Thunderbird recently issued two CVEs related to unencrypted secret key material. In CVE-2021-29956, TB forgot to encrypt the secret key material for newly imported keys. In CVE-2021-29950, which introduced the previous CVE, they forgot to reprotect secret key material in memory. In this blog post, I discuss what we can learn. https:\/\/sequoia-pgp.org\/blog\/2021\/05\/22\/202105-a-look-at-two-recent-cves-in-thunderbirds-openpgp-support\/<\/a><\/p>","url":"https:\/\/mastodon.social\/@nwalfield\/106279787076422771","status_net":{"notice_id":null}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:chirp.cooleysekula.net,2022-05-20:objectType=thread:nonce=44ebb0c30feac404","notice_info":{"local_id":"327106","source":"ActivityPub"}},"published":"2022-05-20T02:33:09+00:00","provider":{"objectType":"service","displayName":"Chirp!","url":"https:\/\/chirp.cooleysekula.net\/"},"verb":"post","url":"https:\/\/mastodon.social\/@nwalfield\/106279787076422771"}],"links":[{"url":"https:\/\/chirp.cooleysekula.net\/conversation\/215356","rel":"alternate","type":"text\/html"}]}