Serious vulnerabilities with OpenPGP and S/MIME

by
corbet
from LWN.net on (#3Q5QK)
The efail.de site describes a set ofvulnerabilities in the implementation of PGP and MIME that can cause thedisclosure of encrypted communications, including old messages. "In anutshell, EFAIL abuses active content of HTML emails, for exampleexternally loaded images or styles, to exfiltrate plaintext throughrequested URLs."

The EFF recommendsuninstalling email-encryption tools that automaticallydecrypt email entirely. "Until the flawsdescribed in the paper are more widely understood and fixed, users shouldarrange for the use of alternative end-to-end secure channels, such asSignal, and temporarily stop sending and especially reading PGP-encryptedemail."

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments