Efail

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

Kommentar: Efail ist ein EFFail (Heise article)

2018/5/16 - two days after the public disclosure, Heise published a commentary about the disclosure process.

PGP ist nicht kaputt. Wenn man allerdings große Teile der Berichterstattung über die Efail-Lücken verfolgt hat, könnte man zu diesem Schluss

...Read more
Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now (Ars Technica article)

2018/5/14: Screenshot of ARS TECHNICA article about EFAIL.

Given the track record of the researchers and the confirmation from EFF, it's worth heeding the advice to disable PGP and S/MIME in email clients while waiting for more details to be released

...Read more

People Are Freaking Out That PGP Is ‘Broken’—But You Shouldn’t Be Using It Anyway (Motherboard, screenshot)

EFAIL bundle

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)
PGP und S/MIME abschalten (Golem article)
Major eFail Vulnerability Exposes PGP Encrypted Email -- UPDATED (Forbes article)
Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)
Efail or OpenPGP is safer than S/MIME (W. Koch email)
#EFail - the security industry and the importance of nuance (HackDefense article)
Encrypted Email Has a Major, Divisive Flaw (Wired article)
S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register article)
PGP und S/MIME: E-Mail-Verschlüsselung akut angreifbar (Heise Security article)
No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)
A unified timeline of Efail PGP disclosure events
Efail: What A Disclosure FAIL That Was! (RBS article)
Statement on Efail research (Gpg4win)
Email Is Dangerous (The Atlantic article)
efail: Outdated Crypto Standards are to blame (Hanno's blog)
Die wichtigsten Fakten zu Efail (Golem article)
What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)
How To Turn PGP Back On As Safely As Possible (EFF article)
HTML MAils have no Security Concept and are to blame (Hanno's blog)
Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)
Encryption? This time it'll be usable, Thunderbird promises (The Register article)
Sebastian Schinzel Tweet about EFAIL vunlerability

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (Poddebniak's Usenix Presentation)

Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now (ARS TECHNICA, screenshot)

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

Efail full disclosure (Sebastian Shinzel's Tweet)

Efail: Welche E-Mail-Clients sind wie sicher? (Heise article)

2018/05/23 an article published in Heise some days after EFAIL public disclosure. It discusses the status of some fixes in email clients.Read more

A unified timeline of Efail PGP disclosure events

2018/05/16: Timeline of the Efail vulnerabilities disclosures to PGP vendors and usersRead more

PGP und S/MIME: So funktioniert Efail (Heise, screenshot)

Subscribe to Efail
Need help with PECE?
Join the PECE Slack channel