Categories
security

Vulnerabilities for PGP and emails

following a series of tweets from the Electronic Frontier Foundation, I’m reblogging their article to give it even more visibility on a topic that many don’t seem to know, which is email encryption.

A group of researchers has found out and published a series of vulnerabilities affecting the use of PGP for email encryption (you can read more in depth coverage on this topic on the EFF website)

From what I understand the problem is related to those plugins that rely on PGP or GnuPG to automatically decrypt emails. This vulnerability could allow an attacker to read not only an encrypted message but even older messages encrypted with the same key.

while the various vendors are fixing their software EFF recommendation right now is to disable all plugins that allow to decrypt emails automatically and not to decrypt messages inside the mail software but instead, export them and decrypt them offline.

Here you can find a list of good procedures to disable the affected plugins and how to export encrypted emails to be read using offline tools: Pretty Good Procedures for Protecting Your Email