GPZ> So we found these vulns related to CPU specula- Academia> ME ME ME TOO ALSO HERE'S A NAME AND A LOGO THE WORLD IS ENDING!!! Cure53> So Enigmail has some issue- Academia> OMG PGP IS DEAD EVERYONE STOP USING IT NOW ALSO NAME AND A LOGO!!! Starting to notice a pattern here.
-
Also: let me be clear. “I can fully decrypt your encrypted PGP emails with almost no user interaction” is not FUD. If you doubt the vuln exists, say so. But don’t say it’s not extremely serious for a crypto vuln.
"I can fully decrypt your encrypted PGP emails with almost no user interaction" is FUD. "I can fully decrypt your encrypted PGP emails if I can guess some plaintext and the zlib stars align and you enable HTML and and you're running outdated TB and Enigmail and blah blah" isn't.
-
-
Security issues are what they are, and have the impact they have. I do not appreciate the EFF shouting "OMG PGP IS BROKEN DISABLE NOW!!!1!" when my system already had two redundant mitigations in place by that time. I thought it was a freaking RCE.
-
You missed the part where EFF added to that shout use signal when a RCE was recently disclosed on electron which is the base of their desktop app that is *another* client-related issue. Jokes apart, it has been a really bad disclosure and communication as you pointed.
End of conversation
New conversation -
-
-
1. You can almost always guess some plaintext. That’s a key point of the paper. 2. Zlib is tough but it’s 1/3 not 1/100,000. Not a huge ask. 3. By outdated, do you mean “a version that was current for the past N years prior to this disclosure” because duh.
-
The EFF said “disable or uninstall plugins until there’s a patch”. That’s pretty straightforward advice. Not panic.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.