Critical PGP and S/MIME bugs can reveal encrypted e-mails. Uninstall now | Ars Technica


11 bookmarks. First posted by krisnelson 10 days ago.


The research for this post is now public. See this post for details. A less drastic safeguard is to ensure HTML is disabled in the email client, although the researchers have warned that future exfiltration attacks may work even then.
security 
3 days ago by jeffhammond
Researchers warn about critical flaws in PGP and S/MIME that can reveal the plaintext of encrypted emails, recommend uninstalling those tools from email clients
9 days ago by joeo10
The research for this post is now public. See this post for details. A less drastic safeguard is to ensure HTML is disabled in the email client, although the researchers have warned that future exfiltration attacks may work even then.
Archive 
10 days ago by plouf
Critical PGP and S/MIME bugs can reveal encrypted e-mails
from twitter
10 days ago by geeknik
Schinzel referred people this blog post published late Sunday night by the Electronic Frontier Foundation. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Both Schinzel and the EFF blog post said they will be disclosed late Monday night California time in a paper written by a team of European security researchers. The research team members have been behind a variety of other important cryptographic attacks, including one from 2016 called Drown , which decrypted communications protected by the transport layer security protocol. Given the track record of the researchers and the confirmation from EFF, it's worth heeding the advice to disable PGP and S/MIME in e-mail clients while waiting for more details to be released Monday night.
10 days ago by sechilds
This is WRT email clients and not PGP per se.
from twitter
10 days ago by dnene
Critical PGP and S/MIME bugs can reveal encrypted e-mails. Uninstall now | Ars Technica
from twitter
10 days ago by Fallingbadgers
Critical PGP and S/MIME bugs can reveal encrypted e-mails. Uninstall now
from twitter_favs
10 days ago by krisnelson