THERE IS NO PGP ATTACK VECTOR! PGP IS SANE!

the problem is the mail client: so mail clients SHOULD disable loading of external or embedded content for encrypted mails.

The attack vector requires injected plaintext into the encrypted mail, and then using the exploit, it will exfiltrate the originally encrypted data as soon as any recipient’s mail client accesses (or decrypts) the message

It should be noted that to perform an eFail attack, an attacker must have access to your encrypted emails, which is then modified in the following way and send back to you in order to trick your email client into revealing the secret message to the remote attacker without alerting you.“

https://thehackernews.com/2018/05/efail-pgp-email-encryption.html

https://thehackernews.com/2018/05/pgp-smime-email-encryption.html

https://www.heise.de/amp/meldung/Kommentar-Efail-ist-ein-EFFail-4050153.html

thanks goes to: https://www.heise.de/amp/meldung/Kommentar-Efail-ist-ein-EFFail-4050153.html

admin