OpenPGP

SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (NeoPG blog post)

2018/06/13: Blog post on "SigSpoof". Marcus Brinkmann found this vulnerability, which allows spoofing “signed” messages that are not actually signed. The post demonstrates the vulnerability and shows the media's reactions.

Efail: What A Disclosure FAIL That Was! (RBS article)

2018/05/16: Article criticizing the handling of the EFAIL vulnerability disclosure.

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFAIL USENIX paper, released (in a draft version) on May 14, 2018 due to an embargo break. It describes the EFAIL attacks (technique: malleability gadgets), which reveal the plaintext of emails encrypted with S/MIME and OpenPGP.

EFF: Attention PGP Users: New Vulnerabilities Require You To Take Action Now (EFF article)

2018/05/14: EFF statement regarding the newly disclosed vulnerabilities affecting PGP and S/MIME users.

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

2018/05/14: Article on the EFAIL vulnerabilities affecting OpenPGP and S/MIME encrypted email.

Encryption? This time it'll be usable, Thunderbird promises (The Register article)

2019/01/04: Article on the development of encryption by Thunderbird.

Negotiation as a drawback?

The authors make a bold statement:

If we've learned 3 important things about cryptography design in the last 20 years, at least 2 of them are that negotiation and compatibility

...

Kommentar: Efail ist ein EFFail (Heise article)

2018/05/16: Two days after the public disclosure, Heise published a commentary about the disclosure process.

PGP is not broken. However, anyone who has followed large parts of the reporting on the Efail vulnerabilities could be led to this conclusion

...