Re: GnuPG EFAIL
Hello tbbeta, On Mon, 14 May 2018, at 16:54:42 [GMT +0200] (which was 16:54 where I live) Martin wrote: > I hope development team will check EFAIL vulnerabilities as soon as > possible Some important information related to GnuPG! Update to GPG 2.2.8 and GnuPG 1.4.23! With newer GnuPG encrypted/sigend content has to use MDC. With chanegd content GnuPG will fail to decrypt. https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html https://dev.gnupg.org/T4012 GPG 2.2.8: https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.8_20180608.exe https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.8_20180608.exe.sig GnuPG 1.4.23: https://gnupg.org/ftp/gcrypt/binary/gnupg-w32cli-1.4.23.exe https://gnupg.org/ftp/gcrypt/binary/gnupg-w32cli-1.4.23.exe.sig -- Regards Gwen Using The Bat! Version 8.3.0.27 (BETA) (32-bit) on Windows 10.0 (Build 17134 ) pgp1EFFkHKDnm.pgp Description: PGP signature Current beta is 8.3.0.27 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: GnuPG EFAIL
Hello tbbeta, On Mon, 14 May 2018, at 16:54:42 [GMT +0200] (which was 16:54 where I live) Martin wrote: > Hi list > I hope development team will check EFAIL vulnerabilities as soon as > possible We really need a solution to check for Warnings in OpenPGP error message window after checking signature/encryption. Currently a Warning is ignored and user gets a green OK sign. :( -- Regards Gwen Using The Bat! Version 8.3.0.6 (ALPHA) (32-bit) on Windows 10.0 (Build 17134 ) pgpAodyuLZGcT.pgp Description: PGP signature Current beta is 8.3.0.6 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: GnuPG EFAIL
Hello Maxim, On Mon, 14 May 2018, at 16:54:42 [GMT +0200] (which was 16:54 where I live) Martin wrote: > I hope development team will check EFAIL vulnerabilities as soon as > possible Please check this https://www.benthamsgaze.org/2018/05/15/tampering-with-openpgp-digitally-signed-messages-by-exploiting-multi-part-messages/ and https://www.benthamsgaze.org/wp-content/uploads/2018/05/emailmodification.zip -- Regards Gwen Using The Bat! Version 8.3.0.6 (ALPHA) (32-bit) on Windows 10.0 (Build 17134 ) pgptY47u7cR_7.pgp Description: PGP signature Current beta is 8.3.0.6 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: GnuPG EFAIL
Hello Eddie! On Wednesday, May 16, 2018 at 12:38:23 PM you wrote: > What I understand is that it is vulnerable when sending HTML mails. So > I presume ordinary "Text" mails are ok. Ordinary, plain text mail is alright. Do not send HTML, make plain text the default for viewing mails, check links before clicking, do not let TB download additional contents automatically. Be careful who sends you mail. -- Dierk Haasis [DH² Publishing] www.DH2Publishing.info Twitter: Evo2Me 8.3.0.6 (ALPHA) on Windows 10 0 17134 Die Tatsache, dass eine [im konventionellen Sinn] technisch fehlerhafte Fotografie gefühlsmässig wirksamer sein kann, als ein technisch fehlerloses Bild, wird auf jene schockierend wirken, die naiv genug sind zu glauben, dass technische Perfektion den wahren Wert eines Fotos ausmacht. [Andreas Feininger] Current beta is 8.3.0.6 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: GnuPG EFAIL
Hi Maxim, --->>> Maxim Masiutin / Monday 14-May-18, 23:21:32 GnuPG EFAIL > My first glance shows that The Bat! is not vulnerable to these > kinds of attacks, but we will check more. What I understand is that it is vulnerable when sending HTML mails. So I presume ordinary "Text" mails are ok. -- best regards | Using The Bat! Version 7.4.16.13 (BETA) (32-bit) Eddie | on Windows 7 6.1 | Build 7601 Service Pack 1-BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v3 mQINBFq80rYBEACqNLuBiFzDZzyKsGHSttiaMLrig3XLXo8Kqw45w7v+tuIoOqaH 1R4dZA2rKVKfjr1rKEZnNXy5gK5OskVlXEjNVnKQQIKsQ65IYYluD+EQdXDSq6et LtowZk7XICwO46WswUEcyP5ANQ058cro84rOygDMytTXnzDMxVhxhtkkusXLOlBy F4tAXZMsna6vWH9nvG/2Ayl8hBku8+PXjY+ayv6tQUyJ+p0etvw5hdYYk4rSMXM+ jUIAhzBatoFR0NLCyEGHkoKgd2S1WYCjdouCzGq/0VS/As+rEKnDRBH+gSnp14TI tjqK6C+nlM9XlzMZZwDSg840GG/yu31wgdMJqkG9gUSu1n2RxQI6M4C6WnX0Zpnz gOYUEyETo9TB7LYQy4VHHyQvWBiNxJMfR5/2/Z3YElEEu++oynuIDOqU8dBNjkRl e9vln2/jxl39SE00vHnCy82DvFKUSuGbn4MBwJ+0Z5j0739thsPGMXc4Z3Ssepjl dE6AtMU2SHu2c3gzw8tKFo/k3hWQ+p1zUZIYaXns4rHdJ1BqeXS9EdCVJ8+jXtAd W48HT+YKRCigz+Hn6ox0Y2UQX+rAw7EcywGrnkSLo+atd51ZfcunTcnTUGaQQeLm BEKT0Qfc1ZxkXoJBnG8A9lIlT7stz9EuZ3rplGCjvQsjkGsBCC/a9z+z0wARAQAB tC9FZGRpZUNhc3RlbGxpXzUwbWluQ29hY2ggPGVkZGllQDUwbWluQ29hY2guY29t PokCTgQTAQgAOBYhBIuxw0ZMlhNnsTgYsJX/PX8YOhd2BQJavNK2AhsjBQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAAAoJEJX/PX8YOhd2mxcP/0vJiNTZRvHYNNjCZANv VDq6+Kachb508lTGXvWBhBscwRq+a1CpABtow7HF130hb+tsAFttdeuKPgCEVwa0 Wb86kHRcyN63e1TV8U94g/uRLhKl4AKsHw2a1NrZy+OM8vfZzNroz67i4uJKjk3i WXloxDS45UkQCwMsmRkM+w6xZcjPWKUTJTtTpGDBX/Se9gaF1gHDZsqyaQz01S9o v3TjVDK8ilpX7tNn9lawgHYnrAddOXsFhPTf1Igc4eN4b5rZgCHhGxNChWEw5+Yq Z1JoJ29JPxGpbP8PPKrCVCXwfiR/tSxFNRrb8ntTUduNrH992HTFK2SY9/SslKgx 1kJPXmvAIyXJ1GogIIAdaZ50HfIXVe/6grF+zIZtEclNt41zxygPNoOAgLAGoQQe 70rKI/u/+fXRn4o9DL3IXBe+WoDGAZvy9F/6Wn+1eqt/jMsZNegylu1kiaMj3Jpi PmPLzHaTGQzsWVA9jSPYfdFqCC8m+Z2N24fBUm+zd8IKj6acjytRnBYC15Hyja2z x8iVmdYQrIvnwxVQhTaxkeoBa9SgNJ7d5eF1rt0B67HwBBo4RkFHmsVImHKHBOI9 lTjFz2pNzu7f2nO7pLJ1+T3iObAEPvZ8enez6i39oCs+j5u+CsAiAklN1BOrblB7 LdT62eQFIrfjgX6PTszYEEx3tC9FZGRpZUNhc3RlbGxpXzUwbWluQ29hY2ggPDUw bWluQ29hY2hAZ21haWwuY29tPokCTgQTAQgAOBYhBIuxw0ZMlhNnsTgYsJX/PX8Y Ohd2BQJavNOVAhsjBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJX/PX8YOhd2 qowP/A1i/n6VDWDrXTfRhwNDF7RsqdhTyFRXw2oz80Vfhcmiy35r2300nesoVgWO CClVLT6k1qvd9HDvrRpoRL1daFMuln4p8xpUP0+LV5Ewevx78x7wZxM/U/LoFmAt ZQOYHxsNtRrEhre3nON9T6Hvtrl9R+dW+x/8bs1iGQSug+/v+3CAabcUvN3GJDu2 C73AXZXgBagMv9n/ZGjnh808hQzF08k+euSBWihOoe6lVc3uTLojIvCqMlFAaF9i 8g3o+hUXGYyGfk7ppGaByYm7ynE17NycDoX7kSMDysvxSftATRjOE18sUWvBzmyG qRI9gWMCZtrTRKDK0S/MZ03FLGnlFpiwPscryPsUV60Uha0NzxyhgIuouvsZQ1jY EMlAc/x+OIYv0rvnNCSEeebLzK9jIa1U8d03hNgeWk395MuhRXS295VEf+I20RCS QL4fQTwxqeVGL0Z9+JI/0AlO0OXAMs6YbF5fmwONd5ASx9L0HdFCiJiLcGldr30v bTFz0jgoJKSgWX4OPivKvUrJzI1xXfYVxnfH7DO/o78c7W6PNSewIpMlUAn2ttDa irYr0N96LC3TLWx8Y9jur3X4bC7Yp8BrppN0SjjjMxOv7g16eIWlWoCgO/Ea45n/ E9QwrrNOJxdX7fe25EBqNgKpTxUPqIdpy4POQg2Xj1whUwakuQINBFq80rYBEACz DNkIueLbYzGlIh4Hpmqz9uUIhvIzExdgY0cxQI0BN/Qf3Pa6v6GmuU0+BmGwSElp qZ4GNhiqPyMvyxKorQJnEu5wfToBVkMWg/IPJZnOgF+RP9CDvwebw9uzp747YOk4 jHYKqdY/+/L6p2abKcbQWHAZfrp9SQHv0EKp1yqe4ldgHdJ/97BU7FXB6y9a5cfu +Z0YiMh08Ssc3YRR7w8Prw1dnCd47nut3LoZJsONBCHfrzzNjMn3a0MnB93eB7+h CMg7YEjOhtdiFSHwEMdq2T8HLXot7ZWCG6hOzaeKhgY/2oVAokl8AIKmLv/zwMw1 y+YhCaB2uFyWMRWupFiogxlrCUURGAFpTrI2R18rxTKpuDDDjdflknHQ/8Yyc1nc +iMRAyzXxU9aCk4DfTRZH2JQH/O9yv/4Oq3RNfco4ZdPk0IHKM9fchiXc2Nz25vk fvB9fDvL93fN1MnGKPDmdirHimnaO7bwC4WsiJVK0ROvlhdA7QktvJkGdIRJMGb6 MgYE4B840xD7p9Pa4Ezg64OT7HCX+NlsPKTVLIcfrWsBsfjzkak7LTxPBVoPOz7t +tb93k33Xq5bVM9+pLUHyRnFTaGH1aVY/V5fVqa1+7JyO6yC8279Yx+BTcSd2w+1 QNmcqIkTSgjy9LyO+NAchMfD4kbQC4/WdTSzXNEG6wARAQABiQI2BBgBCAAgFiEE i7HDRkyWE2exOBiwlf89fxg6F3YFAlq80rYCGwwACgkQlf89fxg6F3Z4Sw//RhnI uu2chbM95io9oAWlj1iPTpcUALXX/z0DTYYCEqLqBgAt8x0hW/KhIA0AtTu1+76D J3OIpcyR/5FF2ByabWqW9CsQa8JBHyQzBuVxMsCSEFnpbZSug64o+eg1fpM+26Ow gPtTcjcJBu6tknJWeRY/ZB5qw9myeDo1ymyc80ucHl0IUC7Mbjrtc1eztVmMIsAR DFULbuAHhldYA3AtNtPWkx/qGAliT6BgO+eW2UGofsGOAD8ZifhuU8lgucYF1r2S LKJP3O2arqXo2SsSnYj8vdUZjkRrtGg6jFeHm73OcrDONAft+lGSVI67ctgJsJp3 QPizW+xqjRjSMYtZUYLCIiO5UYw4hYaIuG/9tjpnIWIrc9miZGO9o+2Gr25s6egj EVESZSP6cc8Tr7EuotoFuPIf+iNCZoZKA/XeZIWH/plNxjL5WlDdWJYyEjoxLSfO B0RpoJ312xTS0tc5D5CP14RMI44gfgnhwJFahGzg1jJ9BVt290m5NWF9dBm0yJYk RmW1GofRjRgTS1v7ORiN5zrAT+yofztlslUV805toBzbxxP1n0K19XiedeKc0MuS fY33cyosSZ3RQ0SX1s60R+eg1E7as2Um7s3wHOlwjGzYJYfDsgcrnfFkeaHIswHf V/NNQ2sYm0Zl1OBH9esO1I4RVWCkhPE0lG5MNQ8= =qGgp -END PGP PUBLIC KEY BLOCK- pgpEVHhuirM18.pgp Description: PGP signature Current beta is 8.3.0.6 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: GnuPG EFAIL
On Monday, May 14, 2018, 5:21:32 PM, Maxim Masiutin wrote: > My first glance shows that The Bat! is not vulnerable to these > kinds of attacks, but we will check more. There is a table mail clients in the Ars article linked below which suggests that TB! is not vulnerable to the PGP issues, but might be to the SMIME issues, although user interaction is required. The same appears to apply to most recent mail clients, which does make the issue appear a bit overblown: https://arstechnica.com/information-technology/2018/05/decade-old-efail-attack-can-decrypt-previously-obtained-encrypted-e-mails/#p3 -- Julian Using The Bat! v8.3 on Windows 10.0 Build 16299 Current beta is 8.3.0.6 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: GnuPG EFAIL
My first glance shows that The Bat! is not vulnerable to these kinds of attacks, but we will check more. Current beta is 8.3.0.6 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
