Email security: PGP/GPG & S/MIME vulnerability drop imminent

Mike Hammett nanog at ics-il.net
Tue May 15 12:43:35 UTC 2018


Encrypted e-mail is so incredibly niche, this won't affect almost everyone. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "George William Herbert" <george.herbert at gmail.com> 
To: nanog at nanog.org 
Sent: Monday, May 14, 2018 2:43:25 AM 
Subject: Email security: PGP/GPG & S/MIME vulnerability drop imminent 


This is likely bad enough operators need to pay attention. 

@seecurity tweeted: 

"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4" 

Thread starts here: 
https://twitter.com/seecurity/status/995906576170053633?s=21 

I have no particular insight into what it is other than presuming from the thread that decryption can be tricked to do bad things. 

They recommend temporary disabling downthread: 

"There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: eff.org/deeplinks/2018… #efail 2/4" 

-george 

Sent from my iPhone 


