Here are instructions for disabling the Enigmail or GPGTools plug-ins in some common email clients: Thunderbird: https://www.eff.org/deeplinks/2018/05/disabling-pgp-thunderbird-enigmail … Apple Mail: https://www.eff.org/deeplinks/2018/05/disabling-pgp-apple-mail-gpgtools … Outlook:https://www.eff.org/deeplinks/2018/05/disabling-pgp-outlook-gpg4win …
-
-
Show this thread
-
More details about the vulnerability will be made public on 2018-05-15 07:00 UTC. We will release more explanations and analysis then.https://twitter.com/seecurity/status/995906576170053633 …
Show this thread -
For now, do not decrypt encrypted PGP messages that you receive using your email client. Instead, use non-email based messaging platforms, like Signal, for your encrypted messaging needs.
Show this thread -
EFF took a close look at the
#efail PGP vulnerability. Here’s how it works in plain-as-possible language, and why we’ve recommended—for now—users disable PGP email plugins.https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0 …Show this thread
End of conversation
New conversation -
-
-
even enigmail on bsd/gnu?
-
"immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email" The tools do not do this automatically, they require manually entering a passphrase. Does this affect all platforms or just ones with back doors (e.g. OS X, Windows) on which PGP futile?
- Show replies
New conversation -
-
-
This Tweet is unavailable.
-
They're not saying you should use plaintext, they're saying you should use something else until the bug is fixed. This is probably a remote code execution bug (or an active key disclosure flaw). You shouldn't *decrypt* (untrusted) incoming email [which could be malicious].
- Show replies
-
-
-
No mention of S/MIME? This is really at danger because authenticated encryption is not used with S/MIME. In contrast OpenPGP uses AE for 15 years. I just checked GpgOL and it does check for decryption errors and does not show the message. (see https://dev.gnupg.org/T3714 )
-
This is something different here. We'll release the full info on this in ~24h.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.