e-mail encryption warning from E.F.F

Chat about just about anything else
Post Reply
DAMIEN1307
Level 6
Level 6
Posts: 1071
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

e-mail encryption warning from E.F.F

Post by DAMIEN1307 » Mon May 14, 2018 6:48 am

I cant say that i know anything about the encryption services E.F.F refers to in this article but im posting this article from them for those of you who do know all about this...DAMIEN

https://www.eff.org/deeplinks/2018/05/a ... action-now
ORDO AB CHAO

User avatar
BenTrabetere
Level 5
Level 5
Posts: 736
Joined: Sat Jul 19, 2014 12:04 am
Location: Hattiesburg, MS USA

Re: e-mail encryption warning from E.F.F

Post by BenTrabetere » Mon May 14, 2018 1:00 pm

As I understand there is a vulnerability; it involves PGP/GPG, but the problem is with mail clients and HTML emails. (I will never be convinced that HTML email is anything other than a Force of Evil. It is up there with PowerPoint, top-posting, and putting mayonnaise on a hotdog.)

See
https://lists.gnupg.org/pipermail/gnupg ... 60315.html
http://seclists.org/oss-sec/2018/q2/104

https://twitter.com/gnupg/status/995931083584757760
They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.

Post Reply

Return to “Open chat”