BadB
Professional
- Messages
- 1,711
- Reaction score
- 1,716
- Points
- 113
A group of academics, led by Professor Sebastian Schinzel at the University of Applied Sciences in Münster, warned of critical vulnerabilities in PGP and S / MIME. While the technical details of the problem have not been disclosed, they promise to be made public tomorrow.
Now, according to experts, it is known that holes in PGP and S / MIME make it possible to read messages encrypted in this way in plain text format. Worse, the problem extends to older emails sent and received in the past. On Twitter, Schinzel writes that there are currently no patches for the problems found, and recommends that you temporarily stop using PGP and S / MIME altogether.
Attention PGP Users: New Vulnerabilities Require You To Take Action Now
UPDATE: Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides.UPDATE (5/14/18): More information has been released. See EFF's more detailed explanation and analysis here.A group of European security researchers have...
To publicize the problem and warn users, experts turned to the Electronic Frontier Foundation (EFF) for help. Representatives of the EFF confirmed the severity of the detected problems and published a message in which they also called for disabling or uninstalling tools for working with PGP and S / MIME. While there are no fixes, as an alternative method of secure communication, users are advised to pay attention to the Signal messenger.
In addition, the Electronic Frontier Foundation has posted instructions on how to disable the respective plugins:
- Thunderbird with Enigmail;
- Apple Mail with GPGTools;
- Outlook with Gpg4win.
