
EFF revises IM scorecard ratings after pen testers spot vulnerabilities


The Electronic Frontier Foundation (EFF) will revise its instant message (IM) safety ratings after a pair of researchers spotted vulnerabilities in platforms previously rated as “secure” by the privacy group.

Australian security duo Matt Jones and Daniel Hodson found code execution and communication interception vulnerabilities after conducting several penetration tests on a selection of IM platforms listed on the EFF's Secure Messaging Scorecard (SMS), according to The Register.

An EFF spokeswoman told the publication the scorecard “won't always guarantee security in practice” and that it “is not an endorsement of any tool.”

“The criteria for getting a green tick in that box is simply saying 'yes we've had a code audit, yes we are doing this' but there is no actual validation,” The Register quoted Hodson as saying at a BSides hacker conference last week.

He said the scorecard is a valid concept but needs to be supported with more rigorous security testing.
