THERE IS NO PGP ATTACK VECTOR! PGP IS SANE!

the problem is the mail client: so mail clients SHOULD disable loading of external or embedded content for encrypted mails.

The attack vector requires injected plaintext into the encrypted mail, and then using the exploit, it will exfiltrate the originally encrypted data as soon as any recipient’s mail client accesses (or decrypts) the message

It should be noted that to perform an eFail attack, an attacker must have access to your encrypted emails, which is then modified in the following way and send back to you in order to trick your email client into revealing the secret message to the remote attacker without alerting you.”

https://thehackernews.com/2018/05/efail-pgp-email-encryption.html

https://thehackernews.com/2018/05/pgp-smime-email-encryption.html

https://www.heise.de/amp/meldung/Kommentar-Efail-ist-ein-EFFail-4050153.html

thanks goes to: https://www.heise.de/amp/meldung/Kommentar-Efail-ist-ein-EFFail-4050153.html

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!
admin