SOCNET

Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #1  
Old 14 May 2018, 10:54
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,661
PGP flaw discovered (encrypted email)

According to the world: Everything is in chaos and PGP has been destroyed!

https://gizmodo.com/email-no-longer-...ter-1826002682

CV interpretation: If you follow some of the amazing SOCNET threads, you're likely just fine. The key points to remember is that you should be using plaintext for PGP encrypted emails and stay away from email Clients. Those are the issues that make this flaw an issue.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #2  
Old 14 May 2018, 12:12
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,962
Quote:
Originally Posted by CV View Post

CV interpretation: If you follow some of the amazing SOCNET threads, you're likely just fine. The key points to remember is that you should be using plaintext for PGP encrypted emails and stay away from email Clients. Those are the issues that make this flaw an issue.
Spot on. It's not a flaw in PGP, it's a flaw in the implementation. And look at what the attacker needs to accomplish. HTML PGP? LOL/Ahahahahahaha!

I want someone to hand that guy an 8.5"x11" piece of paper with a PGP message on it - and have him tell me what it says.

Pssssst! VeraCrypt isn't secure if you let a bad guy get malware on your system

Remember the old days when you'd use Kerio Firewall to restrict Outlook Express to ONLY ports 25 and 110? Yay, progress

But really, in today's world, Signal, any OTR messenger, etc... is probably the way to go.

Quote:
A spokesperson for ProtonMail, a webmail service that uses PGP, confirmed its services were not affected. The spokesperson also (said) eFail wasn't exactly new. "It has been known since 2001. The vulnerability exists in implementation errors in various PGP clients and not the protocol itself," the spokesperson added.

"What is newsworthy is that some clients that support PGP were not aware of this for 17 years and did not perform the appropriate mitigation.

"As the world's largest encrypted email service based on PGP, we are disappointed that some organizations and publications have contributed to a narrative that suggests PGP is broken or that people should stop using PGP. This is not a safe recommendation."

Last edited by Polypro; 14 May 2018 at 12:25.
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 06:08.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Socnet.com All Rights Reserved
SOCNET 1996-2018