THERE IS NO PGP ATTACK VECTOR! PGP IS SANE!
the problem is the mail client: so mail clients SHOULD disable loading of external or embedded content for encrypted mails.
“Email clients are usually configured to automatically decrypt the content of encrypted emails you receive, but if your client is also configured to load external resources automatically, attackers can abuse this behavior to steal messages in plaintext just by sending you a modified version of the same encrypted email content.
The attack vector requires injected plaintext into the encrypted mail, and then using the exploit, it will exfiltrate the originally encrypted data as soon as any recipient’s mail client accesses (or decrypts) the message
It should be noted that to perform an eFail attack, an attacker must have access to your encrypted emails, which is then modified in the following way and send back to you in order to trick your email client into revealing the secret message to the remote attacker without alerting you.”
https://thehackernews.com/2018/05/efail-pgp-email-encryption.html
https://thehackernews.com/2018/05/pgp-smime-email-encryption.html
https://www.heise.de/amp/meldung/Kommentar-Efail-ist-ein-EFFail-4050153.html
thanks goes to: https://www.heise.de/amp/meldung/Kommentar-Efail-ist-ein-EFFail-4050153.html
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!