You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4
There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now … #efail 2/4
Here are @EFF’s guides for disabling PGP/GPG in Thunderbird https://www.eff.org/deeplinks/2018/05/disabling-pgp-thunderbird-enigmail …, Apple Mail https://www.eff.org/deeplinks/2018/05/disabling-pgp-apple-mail-gpgtools …, and Outlook https://www.eff.org/deeplinks/2018/05/disabling-pgp-outlook-gpg4win …. #efail 3/4
This is joint research with Damian Poddebniak, @dr4ys3n, @jensvoid @Murgi @seecurity @cryptosorcerer @jurajsomorovsky and Jörg Schwenk from @fh_muenster, @ruhrunibochum, @LeuvenU. #efail 4/4
Any research paper about this ?
We'll release it tomorrow.
What about Protonmail?
full details tomorrow.
Interesting! Why would disabling PGP help, then it’s even easier to read emails in plain text? If the vulnerability is difficult to exploit it is still better than no encryption at all?
Disabling PGP doesn’t mean you you can read the email in plain text. If you receive an encrypted email, you can still contact the sender via other channels to ask what’s inside of it. Still better than a remote code execution while decrypting an email.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
