Article in Forbes.
hans at guardianproject.info
Thu Mar 19 15:27:21 CET 2015
Sounds like you should report it directly to GPGTools.org. I'm sure they have
a bug tracker or mailing address somewhere.
Have you seen any technical details on this attack? Its hard to tell exactly
what's happening from that article.
> Perhaps not directly gnupg related, more OS X related. But, with both
> GPGtools an GnuPG for OS X I'll post it here... (and there was this OS X
> sec. discussion the other week) :)
> It's seem like “Gatekeeper” is only using http if I read it correctly.
> Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper
> “He found around 150 on his own machine, including hugely popular
> software like Microsoft Word and Excel, Apple’s own iCloud Photos and
> Dropbox. The list also included Apple’s developer tool *XCODE and email
> encryption key management software GPG Keychain, both of which he abused
> in his proof of concept attacks*.”
> I have no idea how this works, but one question that came in mind was if
> a hijacked “GPG Keychain” on a Mac computer could form a threat to gpg
> on other platforms?
> Anyway, interesting reading. Just wanted to share.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
More information about the Gnupg-users