I cant say that i know anything about the encryption services E.F.F refers to in this article but im posting this article from them for those of you who do know all about this...DAMIEN
https://www.eff.org/deeplinks/2018/05/a ... action-now
e-mail encryption warning from E.F.F
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
-
DAMIEN1307
e-mail encryption warning from E.F.F
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
-
BenTrabetere
- Level 7
- Posts: 1889
- Joined: Sat Jul 19, 2014 12:04 am
- Location: Hattiesburg, MS USA
Re: e-mail encryption warning from E.F.F
As I understand there is a vulnerability; it involves PGP/GPG, but the problem is with mail clients and HTML emails. (I will never be convinced that HTML email is anything other than a Force of Evil. It is up there with PowerPoint, top-posting, and putting mayonnaise on a hotdog.)
See
https://lists.gnupg.org/pipermail/gnupg ... 60315.html
http://seclists.org/oss-sec/2018/q2/104
https://twitter.com/gnupg/status/995931083584757760
See
https://lists.gnupg.org/pipermail/gnupg ... 60315.html
http://seclists.org/oss-sec/2018/q2/104
https://twitter.com/gnupg/status/995931083584757760
They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.
Patreon sponsor since August 2022
