EFF revises IM scorecard ratings after pen testers spot vulnerabilities
EFF will revise the safety ratings on its instant message scorecard after researchers found flaws.
The Electronic Frontier Foundation (EFF) will revise its instant message (IM) safety ratings after a pair of researchers spotted vulnerabilities in platforms previously rated as “secure” by the privacy group.
Australian security duo Matt Jones and Daniel Hodson found code execution and communication interception vulnerabilities after conducting several penetration tests on a selection of IM platforms listed on the EFF's Secure Messaging Scorecard (SMS), according to The Register.
An EFF spokeswoman told the publication the scorecard “won't always guarantee security in practice” and that it “is not an endorsement of any tool.”
“The criteria for getting a green tick in that box is simply saying 'yes we've had a code audit, yes we are doing this' but there is no actual validation,” The Register quoted Hodson as saying at a BSides hacker conference last week.
He said the scorecard is a valid concept but needs to be supported with more rigorous security testing.