Attention PGP Users: New Vulnerabilities Require You to Take Action Now
mirimir at riseup.net
Mon May 14 09:17:40 CEST 2018
| A group of European security researchers have released a warning
| about a set of vulnerabilities affecting users of PGP and S/MIME.
| EFF has been in communication with the research team, and can
| confirm that these vulnerabilities pose an immediate risk to
| those using these tools for email communication, including the
| potential exposure of the contents of past messages.
| The full details will be published in a paper on Tuesday at 07:00
| AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the
| short-term risk, we and the researchers have agreed to warn the
| wider PGP user community in advance of its full publication.
| Our advice, which mirrors that of the researchers, is to
| immediately disable and/or uninstall tools that automatically
| decrypt PGP-encrypted email. Until the flaws described in the
| paper are more widely understood and fixed, users should arrange
| for the use of alternative end-to-end secure channels, such as
| Signal, and temporarily stop sending and especially reading
| PGP-encrypted email.
| We'll publish critical vulnerabilities in PGP/GPG and S/MIME
| email encryption on 2018-05-15 07:00 UTC. They might reveal the
| plaintext of encrypted emails, including encrypted emails sent
| in the past.
More information about the Gnupg-users