This sounds very bad. And there are currently no reliable fixes.
#efailhttps://twitter.com/seecurity/status/995906576170053633 …
Show this thread
-
This vulnerability might be used to decrypt the contents of encrypted emails sent in the past. Having used PGP since 1993, this sounds baaad.
#efailShow this thread
They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.
-
-
so it's a decryption oracle?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Could you please keep it quiet? There will be plenty of time to do this discussion.
-
This Tweet is unavailable.
- Show replies
New conversation -
-
-
So kmail is ok.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@kdecommunity is#KMail/#Kontact safe from this?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Would be good to know which mail client is safe for OpenPGP, mutt/kmail etc.???
-
All mail clients are safe as long as you use plaintext
End of conversation
New conversation -
-
-
Seems like this is going to be way overblown, and a little irresponsible on the part of $researcher and
@eff. We’ll see… -
Just have to not talk about it until tomorrow otherwise fame acquired is less than the requested 15minshttps://twitter.com/seecurity/status/995936859980222464 …
End of conversation
New conversation -
-
-
pretty Easy privacy (p≡p) for Android, Outlook and Tunderbird (with
#Engimail in#EnigmailpEp) relying on@gnupg ist encrypting and signing PGP/MIME mails automatically and NOT automatically loading external links: so no reason to spread FUD like this.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.