[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Email security: PGP/GPG & S/MIME vulnerability drop imminent

Subject: Email security: PGP/GPG & S/MIME vulnerability drop imminent
From: george.herbert at gmail.com (George William Herbert)
Date: Mon, 14 May 2018 00:43:25 -0700

This is likely bad enough operators need to pay attention.

@seecurity tweeted:

"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"

Thread starts here:
https://twitter.com/seecurity/status/995906576170053633?s=21

I have no particular insight into what it is other than presuming from thread that decryption can be tricked to do bad things.

They recommend temporary disabling downthread:

"There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFFâ??s blog post on this issue: eff.org/deeplinks/2018â?¦ #efail 2/4"

-george 

Sent from my iPhone

Follow-Ups:
- Email security: PGP/GPG & S/MIME vulnerability drop imminent
  - From: ops.lists at gmail.com (Suresh Ramasubramanian)
- Email security: PGP/GPG & S/MIME vulnerability drop imminent
  - From: nanog at ics-il.net (Mike Hammett)

Prev by Date: AW: DSL Operators Mailing List?
Next by Date: Email security: PGP/GPG & S/MIME vulnerability drop imminent
Previous by thread: ALTDB - Getting records removed
Next by thread: Email security: PGP/GPG & S/MIME vulnerability drop imminent
Index(es):
- Date
- Thread