Embargo has been broken. Here are the full details: https://efail.de
(h/t Martijn Grooten)

On Mon, 14 May 2018, 09:19 Suresh Ramasubramanian, <[email protected]> wrote:

> Seems to be a set of MUA bugs that are being overblown and hyped up.
>
> TL;DR = Don't use HTML email with some mail clients when sending pgp
> encrypted mail.
>
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
>
> --srs
>
> On 14/05/18, 1:15 PM, "NANOG on behalf of George William Herbert" <[email protected] on behalf of [email protected]> wrote:
>
> > This is likely bad enough operators need to pay attention.
> >
> > @seecurity tweeted:
> >
> > "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email
> > encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of
> > encrypted emails, including encrypted emails sent in the past. #efail 1/4"
> >
> > Thread starts here:
> > https://twitter.com/seecurity/status/995906576170053633?s=21
> >
> > I have no particular insight into what it is other than presuming from
> > thread that decryption can be tricked to do bad things.
> >
> > They recommend temporary disabling downthread:
> >
> > "There are currently no reliable fixes for the vulnerability. If you
> > use PGP/GPG or S/MIME for very sensitive communication, you should disable
> > it in your email client for now. Also read @EFF’s blog post on this issue:
> > eff.org/deeplinks/2018… #efail 2/4"
> >
> > -george
> >
> > Sent from my iPhone

