Researchers warn of critical flaw affecting PGP and S/MIME

Daniel Sambraus—EyeEm  Getty Images

Daniel Sambraus—EyeEm Getty Images

EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

One of the researchers who discovered the exploit said in a tweet that there are no reliable fixes for the vulnerability.

Mauricio Pochettino: 'Tottenham Hotspur need to take risks'
Third place was sealed after Harry Kane and Erik Lamela both scored twice while Christian Fuchs sored an own goal. With the scores level at 4-4, Vardy slammed in an equaliser for Leicester after a deft pass by Mahrez.


"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email".

Researcher Sebastian Schinzel, a professor of computer security with Münster University of Applied Sciences, claims to have identified a security flaw that "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past". "Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email", the EFF wrote in a blog post, which offers tutorials on how to disable popular plug-ins for Thunderbird, Apple Mail and Outlook.

Gaza: heurts à la frontière israélienne avant l'ouverture de l'ambassade US
C'est le premier épisode d'une semaine où se succèdent des événements lourds de signification et de menaces. Le sang devrait de nouveau couler en Israël et dans les territoires occupés.


Without knowing any details of the vulnerability, I might also add that generally disabling HTML email is a jolly good idea from the security point of view as it can reduce your attack surface considerably.

A more detailed explanation and analysis will be forthcoming once the research is formally released tomorrow, but the vulnerabilities are thought to affect both PGP and the S/MIME public key encryption standard. In the meantime, they are recommending that users stop using PGP and S/MIME for now.

Iran Upbeat About Oil Exports Despite Sanction Threat
Le Maire said Paris would seek to strengthen Europe's ability to block sanctions and provide investment finance to companies. They will grumble and accept it.


Latest News