Choose style:

Author Topic: Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext  (Read 931 times)

0 Members and 1 Guest are viewing this topic.

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5563
  • Karma: 991
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
EFF has warned users to immediately disable if they have installed any of the following mentioned plugins/tools for managing encrypted emails:
  • Thunderbird with Enigmail
  • Apple Mail with GPGTools
  • Outlook with Gpg4win
Until the vulnerabilities are patched, users are advised to stop sending and especially reading PGP-encrypted emails for now, and use alternative end-to-end secure tools, such as Signal (see below).

SOURCE: https://goo.gl/iyi5Rr
« Last Edit: May 14, 2018, 11:23:12 am by VinDSL, Reason: Addendum »

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5563
  • Karma: 991
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Also ...

Severe Bug Discovered in Signal Messaging App for Windows and Linux

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a messageŚwithout requiring any user interaction[...]

The good news is that the Open Whisper Systems has already addressed the issue and immediately released new versions of Signal app within a few hours after receiving the responsible vulnerability disclosure by the researcher.

SOURCE: https://goo.gl/2gfwdY

Offline mac

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1088
  • Karma: 336
    • View Profile
  • Peppermint version(s): Peppermint 7-8-9
Thanks  ;)
Peppermint: Standing Out from the Cloud
Reg. Linux User #432835

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26466
  • Karma: 2885
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
I haven't used a local mail client for years (webmail via ssl) .. and I thought I was an oldschool dinosaur :)

And there's nothing in my emails that require encryption .. far too boring.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Slim.Fatz

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1920
  • Karma: 507
  • Where's the mouse?
    • View Profile
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
Ditto !!
Regards,
-- Slim
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5563
  • Karma: 991
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Interesting. So, you guys don't send OR receive encrypted mails NOR have any sitting in your storage?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26466
  • Karma: 2885
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Nope, never felt the need.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Slim.Fatz

  • Global Moderator
  • Veteran
  • *****
  • Posts: 1920
  • Karma: 507
  • Where's the mouse?
    • View Profile
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
Again: ditto.
But, I must admit that I do not do any work that might involve sensitive material such as you do, VinDSL;) If I did, then I would be more careful and probably do the things you seem to be doing to protect your correspondence.

Regards,

 - Slim
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5563
  • Karma: 991
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
I receive more encrypted mail than I send, but yeah. It's unavoidable.

What really buggers me up is, I've been using IMAP for years (leave all my mail on the servers). But I use different machines, and don't have all of the keys installed on all my machines.

So, yes, It's a royal PITA  ::)

Everyone has to do what works for them, you know?