[Cryptography] FW: [13 Principles] An important urgent notice from EFF regarding PGP and S/MIME communications.
Tom Mitchell
mitch at niftyegg.com
Mon May 14 20:38:12 EDT 2018
On Mon, May 14, 2018 at 12:07 PM, Jack Harper <harper at secureoutcomes.net>
wrote:
>
>
> At 12:48 AM 5/14/2018, James S. Tyre wrote:
>
>> ...An important urgent notice from EFF regarding PGP and S/MIME
>> communications. https://twitter.com/seecurity/status/995906638556155904
>> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-ne
>> w-vulnerabilities-require-you-take-action-now Dear Colleagues, A group
>> of European security researchers have released a warning about a set of
>> vulnerabilities affecting users of PGP and S/MIME....
>>
>
>
> Am I correct that the found PGP flaw appears to only affect enciphered
> e-mail traffic and not files that are enciphered by PGP but not mailed?
>
> I use PGP to protect sensitive files on my laptop when traveling etc.
>
> Thoughts?
>
Thought or speculation...
One of of the Efail https://efail.de/ bugs and attacks involves
previously harvested messages.
So yes, I think there is a risk if your sensitive files had been
harvested. Perhaps someone could
craft a message that presents them as S/MIME attachments and trick you to
act
on them. So one 'speculation is a TLA at a border or other opportunity
might have
copies and send you a message via a friend from your contact list and ...
Enigma mail in ThunderBird does have an option to automatically decrypt
files.
Most agents have auto download of "images" that might then be
previously harvested encrypted content.
I have shut off Mailvelope in Gmail as an unknown and and removing it for
now.
In once case the advice is to remove/move all keys from the visibility
of your mail client.
The linux kernel mailing list may have the correct strategy ;-)
but that is a slight diversion. From their FAQ:
- (MEA) Some structures are forbidden as they appear to be used way too
much in SPAM mail. Specifically, messages with Content-Type:
text/html either
as the only (primary) message, or as ANY of component sub-messages are
considered spam, and rejected outright without any info to the sender.
Also, any message with header matching the regular expression:
X-Mailing-List:.*@vger.kernel.org is considered to be LOOPING somewhere,
and is thus diverted to list-owner.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180514/c344e789/attachment.html>
More information about the cryptography
mailing list