Have a suggestion?

Click here to suggest a blog item.

Newsletters Archive

Catch up with DonationCoder by browsing our past newsletters, which collect the most interesting discussions on our site: here.

Editorial Integrity

DonationCoder does not accept paid promotions. We have a strict policy of not accepting gifts of any kind in exchange for placing content in our blogs or newsletters, or on our forum. The content and recommendations you see on our site reflect our genuine personal interests and nothing more.


Latest News

July 30, 2018
Software Updates

June 24, 2018
Software Updates

Apr 2, 2018
Fundraiser Celebration

Apr 2, 2018
Software Updates

Feb 24, 2018
Software Updates

Jan 14, 2018
Major Site News

Jan 10, 2018
Event Results

Latest Forum Posts

Our daily Blog

This page spotlights the most interesting posts collected from our forum every day.

You are viewing a specific blog item. Click here to return to the main blog page.

eff says immediately disable or uninstall tools that auto decrypt PGP email

Screenshot - 5_14_2018 , 10_28_03 AM_thumb001.png
Security warning: eff.org says that you need to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

This looks pretty serious.  Although they are not saying what the flaw is yet, the key seems to be if you have a mail program that AUTOMATICALLY decrypts pgp encrypted emails, somehow that can be hijacked.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

https://www.eff.org/...-you-take-action-now



Share on Facebook
submit to reddit