Researchers warn of critical flaw affecting PGP and S/MIME

Daniel Sambraus—EyeEm  Getty Images

Daniel Sambraus—EyeEm Getty Images

EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

One of the researchers who discovered the exploit said in a tweet that there are no reliable fixes for the vulnerability.

Gaza: heurts à la frontière israélienne avant l'ouverture de l'ambassade US
C'est le premier épisode d'une semaine où se succèdent des événements lourds de signification et de menaces. Le sang devrait de nouveau couler en Israël et dans les territoires occupés.


"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email".

Researcher Sebastian Schinzel, a professor of computer security with Münster University of Applied Sciences, claims to have identified a security flaw that "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past". "Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email", the EFF wrote in a blog post, which offers tutorials on how to disable popular plug-ins for Thunderbird, Apple Mail and Outlook.

15 killed as blasts, gunfire rock Jalalabad
Security forces were able to rescue around 50 employees stuck in the building during the attack, he added. But the Islamic State group has also stepped up attacks in recent months, particularly in Kabul.


Without knowing any details of the vulnerability, I might also add that generally disabling HTML email is a jolly good idea from the security point of view as it can reduce your attack surface considerably.

A more detailed explanation and analysis will be forthcoming once the research is formally released tomorrow, but the vulnerabilities are thought to affect both PGP and the S/MIME public key encryption standard. In the meantime, they are recommending that users stop using PGP and S/MIME for now.

Over 50 killed in India due to lightning and thunderstorms
Reports pouring in from Uttar Pradesh said almost 100 houses were gutted in a fire which broke out due to lightning in Sambhal. In a tweet, Prime Minister Narendra Modi said: "Saddened by the loss of lives due to storms in some parts of the country".


Latest News