Article in Forbes.

Hans-Christoph Steiner hans at guardianproject.info
Thu Mar 19 15:27:21 CET 2015


Sounds like you should report it directly to GPGTools.org.  I'm sure they have
a bug tracker or mailing address somewhere.

Have you seen any technical details on this attack?  Its hard to tell exactly
what's happening from that article.

.hc

Eric F:
> Perhaps not directly gnupg related, more OS X related. But, with both
> GPGtools an GnuPG for OS X I'll post it here... (and there was this OS X
> sec. discussion the other week) :)
> 
> It's seem like “Gatekeeper” is only using http if I read it correctly.
> 
> Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper
> http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/
> 
> “He found around 150 on his own machine, including hugely popular
> software like Microsoft Word and Excel, Apple’s own iCloud Photos and
> Dropbox. The list also included Apple’s developer tool *XCODE and email
> encryption key management software GPG Keychain, both of which he abused
> in his proof of concept attacks*.”
> 
> 
> I have no idea how this works, but one question that came in mind was if
> a hijacked “GPG Keychain” on a Mac computer could form a threat to gpg
> on other platforms?
> 
> Anyway, interesting reading. Just wanted to share.
> 
> /Eric
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81



More information about the Gnupg-users mailing list