Ben Sturmfels

Yikes, EFF warning of PGP vulnerability - action required

Ben Sturmfels at

Just repeating this warning from EFF. They're suggesting temporarily disabling auto-decryption of PGP-encrypted mail pending the full vulnerability announcement.

"A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages."

unsigned_nerd, unsigned_nerd shared this.

Show all 159 replies
I'm still not sure what to do with the way this vulnerability was presented/hyped.

Tobias Diekershoff at 2018-05-16T05:59:42Z

I was never keen on email clients executing javascript that turns up in email by default

that always looked dangerous

Michael at 2018-05-16T16:14:31Z

This press release from gpg has relevant informations

(sorry if it has already been posted and was lost in the client-glitch repeated comments)

Elena ``of Valhalla'' at 2018-05-18T15:01:22Z

Thanks Elena, I hadn't had a chance to look into the the reality of issue. This is a helpful article.

Ben Sturmfels at 2018-05-19T02:20:58Z