[Cryptography] FW: [13 Principles] An important urgent notice from EFF regarding PGP and S/MIME communications.

James S. Tyre jstyre at jstyre.com
Mon May 14 02:48:48 EDT 2018 


--
James S. Tyre
Law Offices of James S. Tyre
10736 Jefferson Blvd., #512
Culver City, CA 90230-4969
310-839-4114/310-839-4602(fax)
jstyre at jstyre.com
Special Counsel, Electronic Frontier Foundation
https://www.eff.org

-----Original Message-----
From: Principles <principles-bounces+jstyre=jstyre.com at lists.eff.org> On Behalf Of Katitza Rodriguez via Principles
Sent: Sunday, May 13, 2018 11:32 PM
To: 13 Principles <principles at eff.org>
Subject: [13 Principles] An important urgent notice from EFF regarding PGP and S/MIME communications.

https://twitter.com/seecurity/status/995906638556155904

https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

Dear Colleagues,

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

The full details will be published in a paper on Tuesday at 07:00 AM UTC
(3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

Please refer to these guides on how to temporarily disable PGP plug-ins in:

Thunderbird with Enigmail:
https://www.eff.org/deeplinks/2018/05/disabling-pgp-thunderbird-enigmail

Apple Mail with GPGTools:
https://www.eff.org/deeplinks/2018/05/disabling-pgp-apple-mail-gpgtools

Outlook with Gpg4win:
https://www.eff.org/deeplinks/2018/05/disabling-pgp-outlook-gpg4win

These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community.

We will release more detailed explanation and analysis when more information is publicly available.

Please feel free to forward this message to those who may be affected.

Thank you,

Danny O’Brien
Electronic Frontier Foundation

Katitza Rodriguez
Electronic Frontier Foundation
_______________________________________________
Principles mailing list
Principles at lists.eff.org
https://lists.eff.org/mailman/listinfo/principles

More information about the cryptography mailing list