[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Email security: PGP/GPG & S/MIME vulnerability drop imminent
- Subject: Email security: PGP/GPG & S/MIME vulnerability drop imminent
- From: nanog at ics-il.net (Mike Hammett)
- Date: Tue, 15 May 2018 07:43:35 -0500 (CDT)
- In-reply-to: <[email protected]>
- References: <[email protected]>
Encrypted e-mail is so incredibly niche, this won't affect almost everyone.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "George William Herbert" <george.herbert at gmail.com>
To: nanog at nanog.org
Sent: Monday, May 14, 2018 2:43:25 AM
Subject: Email security: PGP/GPG & S/MIME vulnerability drop imminent
This is likely bad enough operators need to pay attention.
@seecurity tweeted:
"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
Thread starts here:
https://twitter.com/seecurity/status/995906576170053633?s=21
I have no particular insight into what it is other than presuming from thread that decryption can be tricked to do bad things.
They recommend temporary disabling downthread:
"There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFFâ??s blog post on this issue: eff.org/deeplinks/2018â?¦ #efail 2/4"
-george
Sent from my iPhone