On #efail: is this really just a CBC malleability thing w/ unsigned messages? I haven't used PGP in a while; how common are encrypted but unsigned messages? Also since when do mail clients enable JavaScript on HTML messages?
-
-
Totally agreed. String concatenation for the fail, yet again. ;) That’s why the times when I need PGP, I do it on the command line. From the paper... great stuff.pic.twitter.com/tvajjF2CZ8
-
I'm missing how the gpg bug is even involved. This MUA pasting bug looks exploitable without modifying the encrypted message.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.