Critical PGP and S/MIME Bugs May Reveal Plaintext of Encrypted Emails

Critical PGP and S/MIME Bugs May Reveal Plaintext of Encrypted Emails

Posted by · 4185 views · Translate

A group of security researchers have found critical vulnerabilities in PGP/GPG and S/MIME email encryption that can reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

Sebastian Schinzel, a professor of computer security at Münster University of Applied Sciences, announced the discovery on Twitter.

"There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now."

The EFF says it has confirmed that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. It's suggested that users "immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email."

Here are the guides posted by the EFF that show you how to temporarily disable PGP plug-ins:
Thunderbird with Enigmail
Apple Mail with GPGTools
Outlook with Gpg4win

Full vulnerability details will be published in a paper that will be posted Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

Read More


Critical PGP and S/MIME Bugs May Reveal Plaintext of Encrypted Emails

D4xM4Nx - May 15, 2018 at 3:37pm
How about trying a paid VPN? Whole internet traffic is being tunneled. Should do for now at least.
Recent