Cure53: Difference between revisions

From Citizendium
(first draft here)
 
(more details)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{subpages}}
'''Cure53''' is a [[German]] cybersecurity firm.<ref name=Cbc2015-12-09/><ref name=Csm2015-11-02/><ref name=TorStar2015-11-02/><ref name=Wired2015-05-19/><ref name=second-audit/>


'''Cure53''' is a [[German]] cybersecurity firm.<ref name=Cbc2015-12-09/><ref name=Csm2015-11-02/><ref name=TorStar2015-11-02/><ref name=Wired2015-05-19/><ref name=second-audit/>
After a report from the firm on the [[South Korea]]n security app [[Smart Sheriff]], that described its security holes as ''"catastrophic"'', the South Korean government ordered the app to be shutdown.<ref name=Cbc2015-12-09/><ref name=Csm2015-11-02/><ref name=TorStar2015-11-02/><ref name=japantimes2015-11-02/>
 
Security researchers routinely rely on an extensive repository of test cases Cure53 has released, when conductint their own security tests.<ref name=Usenix2018-08-15/>


After a report from the firm on the [[South Korea]]n security app [[Smart Sheriff]], that described its security holes as ''"catastrophic"'', the South Korean government ordered the app to be shutdown.<ref name=Cbc2015-12-09/><ref name=Csm2015-11-02/><ref name=TorStar2015-11-02/>
Cure53 has been used by security researchers to test the security of password managers.<ref name=Boise2017/><ref name=KnowledgeFlo2020/>


==References==
==References==
{{reflist|refs=
{{reflist|refs=
{{cite news     
| url        =
| title      =
| work        =
| author      =
| date        =
| page        =
| location    =
| isbn        =
| language    =
| trans-title =
| trans_title = 
| archiveurl  =
| archivedate =
| accessdate  = 2024-02-09
| url-status  = live
| quote      =
}}
</ref>
{{cite news   
| url        =
| title      =
| work        =
| author      =
| date        =
| page        =
| location    =
| isbn        =
| language    =
| trans-title =
| trans_title = 
| archiveurl  =
| archivedate =
| accessdate  = 2024-02-09
| url-status  = live     
| quote      =
}}
</ref>
{{cite news   
| url        =
| title      =
| work        =
| author      =
| date        =
| page        =
| location    =
| isbn        =
| language    =
| trans-title =
| trans_title = 
| archiveurl  =
| archivedate =
| accessdate  = 2024-02-09
| url-status  = live
| quote      =
}}
</ref>
{{cite news   
| url        =
| title      =
| work        =
| author      =
| date        =
| page        =
| location    =
| isbn        =
| language    =
| trans-title =
| trans_title =
| archiveurl  =
| archivedate =
| accessdate  = 2024-02-09
| url-status  = live
| quote      =
}}
</ref>
{{cite news     
| url        =
| title      =
| work        =
| author      =
| date        =
| page        =
| location    =
| isbn        =
| language    =
| trans-title =
| trans_title = 
| archiveurl  =
| archivedate =
| accessdate  = 2024-02-09
| url-status  = live
| quote      =
}}
</ref>
<ref name=Usenix2018-08-15>
{{cite news   
| url        = https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf 
| title      = Efail: Breaking S/MIME and OpenPGP Email
Encryption using Exfiltration Channels
| work        = [[Proceedings of the27th USENIX Security Symposium]]
| author      = Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
| date        = 2018-08-15
| page        = 558, 561
| archiveurl  = https://web.archive.org/web/20231123150202/https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf
| archivedate = 2023-11-23
| accessdate  = 2024-02-09
| url-status  = live     
| quote      =  In addition, we tested against the vectors from the Email Privacy Tester6 project and the Cure53 HTTPLeaks repository. This extensive list of test-cases allowed us to bypass external content blocking in 22 email clients.
}}
</ref>
<ref name=Boise2017>
{{cite news   
| url        = https://scholarworks.boisestate.edu/cgi/viewcontent.cgi?article=1175&context=cs_facpubs
| title      = Analysis on the Security and Use of Password Managers
| work        = [[Boise State University]]
| author      = Carlos Luevanos, John Elizarraras, Khai Hirschi, Jyh-Haw Yeh
| date        = 2017
| archiveurl  = https://web.archive.org/web/20220528004808/https://scholarworks.boisestate.edu/cgi/viewcontent.cgi?article=1175&context=cs_facpubs
| archivedate = 2022-05-28
| accessdate  = 2024-02-09
| url-status  = live
| quote      =  The team’s use of cryptographic functions (by use of OpenPGP) has been reviewed by security audit team Cure53. The team was able to find several vulnerabilities in the OpenPGP library but we shall omit the details.
}}
</ref>
<ref name=KnowledgeFlo2020>   
{{cite news
| url        = https://www.researchgate.net/profile/Matthew-Grant-10/publication/350818744_Security_Concerns_in_Password_Managers/links/60744e43299bf1c911c74ee2/Security-Concerns-in-Password-Managers.pdf
| title      = Security Concerns in Password Managers: Investigation adn comparison of Password Management Tools based on security concerns: Investigation and comparison of password management tools based on Secutiry concerns
| work        = [[Knowledgeflo]]
| author      = Matthew Grant, Jamie Kennedy, Jiechen Zhu, Jayden Tan, Stephanie Markovski, Claudie Popa
| date        = October 2020
| pages      = 9, 11, 16, 19, 42
| archiveurl  =
| archivedate =
| accessdate  = 2024-02-09
| url-status  = live
| quote      = Their most recent pen-test from Cure53 found 2 medium risk threats stating that the 1Password Vault that stores the user’s passwords are vulnerable to compromise and these issues have yet to be remediated.
}}
</ref>
<ref name=second-audit>
<ref name=second-audit>
{{cite news
{{cite news
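Review bot: the new sentence "Cure53 has been used by security researchers to test the security of password managers" does not match the two quotes cited for it. The Boise2017 and KnowledgeFlo2020 quotes both describe audits and pen-tests that Cure53 carried out on password managers, which the researchers then report, so the sentence should say that (for example, that researchers surveying password managers cite Cure53's audits). In the same hunk, "conductint" should be "conducting", "shutdown" should be the verb "shut down", the Usenix2018-08-15 title is broken across two lines and its work field reads "the27th", and the KnowledgeFlo2020 title carries "adn" and "Secutiry" and repeats its subtitle.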
Line 64: Line 218:
| quote = Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code.
| quote = Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code.
}}
}}
</ref>
<ref name=japantimes2015-11-02>
{{cite news   
| url        = http://www.japantimes.co.jp/news/2015/11/02/asia-pacific/south-korea-ditching-smart-sheriff-child-monitoring-app-catastrophic-security-woes/
| title      = South Korea ditching Smart Sheriff child monitoring app over 'catastrophic' security woes
| work        = [[The Japan Times Online]]
| date        = 2015-11-02
| issn        = 0447-5763
| location    = [[London, United Kingdom]]
| archiveurl  = https://web.archive.org/web/20151211070642/https://www.japantimes.co.jp/news/2015/11/02/asia-pacific/south-korea-ditching-smart-sheriff-child-monitoring-app-catastrophic-security-woes/#.Vmp2Cb3P32c
| archivedate = 2015-12-11
| accessdate  = 2015-11-04
| url-status  = dead
| quote      = Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code. In a pair of reports published in September, Cure53 described the app’s security as “catastrophic.” Citizen Lab, which is based at the University of Toronto’s Munk School of Global Affairs, said the problems could lead to a “mass compromise” of all users.
}}
[https://web.archive.org/web/20151211070642/https://www.japantimes.co.jp/news/2015/11/02/asia-pacific/south-korea-ditching-smart-sheriff-child-monitoring-app-catastrophic-security-woes/#.Vmp2Cb3P32c mirror]
</ref>
</ref>
}}
}}
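Review bot: in the new japantimes2015-11-02 ref, the trailing "mirror" link after the closing }} of the cite template points at the same web.archive.org URL already given in archiveurl, so it can be dropped. The location field, "[[London, United Kingdom]]", is also worth checking against the source for a Japan Times article.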

Latest revision as of 23:21, 9 February 2024

This article is a stub and thus not approved.
This editable Main Article is under development and subject to a disclaimer.

Cure53 is a German cybersecurity firm.[1][2][3][4][5]

After a report from the firm on the South Korean security app Smart Sheriff, which described its security holes as "catastrophic", the South Korean government ordered the app to be shut down.[1][2][3][6]

Security researchers routinely rely on an extensive repository of test cases that Cure53 has released when conducting their own security tests.[7]

Cure53 has been used by security researchers to test the security of password managers.[8][9]

References

  1. Packrat malware targets dissidents, journalists in South America, Citizen Lab finds: Probe started after Packrat targeted Argentine special prosecutor found dead of gunshot wound, CBC News, 2015-12-09. Retrieved on 2016-01-09.
  2. Max Lewontin. South Korea pulls plug on child surveillance app after security concerns: Government officials pulled Smart Sheriff, an app that lets parents track how their children use social media, from the Google Play store over the weekend, Christian Science Monitor, 2015-11-02. Retrieved on 2016-01-09. “But researchers from Citizens Lab, a research group based at the University of Toronto, and Cure53, a German software company, released two reports in September finding that Smart Sheriff had a variety of security issues that it made it vulnerable to hackers and put children and parents’ personal information at risk.”
  3. Raphael Satter, Youkyung Lee. South Korea shuts down child surveillance app over security concerns: The removal of the state-approved Smart Sheriff is a blow to South Korea's effort to keep closer tabs on the online lives of youth., Toronto Star, 2015-11-02. Retrieved on 2016-01-09. “Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code.”
  4. Andy Greenberg. The Free Encryption App That Wants to Replace Gmail, Dropbox, and HipChat, Wired, 2015-01-14. Retrieved on 2015-05-19.
  5. Timm Trevor. SecureDrop Undergoes Second Security Audit, 2014-01-20. Retrieved on 2014-07-13. “This time, we worked with the German security firm Cure53, who has previously done audits of GlobaLeaks, Mailvelope, and CryptoCat.”
  6. South Korea ditching Smart Sheriff child monitoring app over 'catastrophic' security woes, The Japan Times Online, 2015-11-02. Retrieved on 2015-11-04. “Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code. In a pair of reports published in September, Cure53 described the app’s security as “catastrophic.” Citizen Lab, which is based at the University of Toronto’s Munk School of Global Affairs, said the problems could lead to a “mass compromise” of all users.”
  7. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf), Proceedings of the 27th USENIX Security Symposium, 2018-08-15, p. 558, 561. Retrieved on 2024-02-09. “In addition, we tested against the vectors from the Email Privacy Tester6 project and the Cure53 HTTPLeaks repository. This extensive list of test-cases allowed us to bypass external content blocking in 22 email clients.”
  8. Carlos Luevanos, John Elizarraras, Khai Hirschi, Jyh-Haw Yeh. Analysis on the Security and Use of Password Managers, Boise State University, 2017. Retrieved on 2024-02-09. “The team’s use of cryptographic functions (by use of OpenPGP) has been reviewed by security audit team Cure53. The team was able to find several vulnerabilities in the OpenPGP library but we shall omit the details.”
  9. Matthew Grant, Jamie Kennedy, Jiechen Zhu, Jayden Tan, Stephanie Markovski, Claudie Popa. Security Concerns in Password Managers: Investigation and comparison of Password Management Tools based on security concerns: Investigation and comparison of password management tools based on Security concerns, Knowledgeflo, October 2020, pp. 9, 11, 16, 19, 42. Retrieved on 2024-02-09. “Their most recent pen-test from Cure53 found 2 medium risk threats stating that the 1Password Vault that stores the user’s passwords are vulnerable to compromise and these issues have yet to be remediated.”