Popular PGP Email add-on Enigmail addresses security gaps

by
in security on (#2S8K)
story imageYou might be familiar with Enigmail, the popular add-on to the Thunderbird email program that allows public-key encryption of email. If you haven't heard of it, it's worth investigating - Enigmail is an important upgrade to your email experience. And if you're already using it then you should upgrade, because several encryption flaws were found, and have recently been patched.
An Enigmail user who reported one of the encryption failures in version 1.7 on the project's support forum described the situation as "the biggest imaginable catastrophe."

"I am currently preparing a crypto class for journalists next week to teach them how to use safe email," the user wrote. "HOW am I going to explain that? A system tells the user in a separate window as well as in a menu line that everything will be encrypted but then it simply FORGOT to ENCRYPT and, ooops, their report will be intercepted and their source will be tortured?"
That's a bit hyperbolic perhaps. But it's still a good time to keep your encryption up to date. Unless you agree with security researcher Matthew Green, who thinks PGP sucks and it's time for it to die.

Disagree (Score: 0)

by Anonymous Coward on 2014-09-11 00:59 (#2S96)

I actually RTFA this time and completely disagree. There's nothing remotely hyperbolic about the vulnerabilities, the shameful lack of disclosure, or the teacher/journalist's quote.

Who goes to all the trouble of using e-mail encryption? The paranoid, hobbyists, and PEOPLE WHO REALLY NEED IT.

Of mother*(@#&%()& COURSE someone being tortured as a direct result of this false encryption is a very real possibility.

I've never used this particular plugin, in part since like most people I've given in to the inevitability of government surveillance over everything (and in part because its use actually draws attention, and most of all because no one else can read your mail to them without a major hassle on their part). But I am moderately shocked at how badly the developers handled this situation, if this report is to be believed....
Post Comment
Subject
Comment
Captcha
Enter the number forty seven thousand nine hundred and thirty in digits: