It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out.
Efail is still a serious risk, but progress has been made. EFF has published some guidance on how to assess if using GPG/PGP now will protect you or make you more vulnerable, and how to use encrypted email in a way that protects you as much as possible from Efail attacks.
Thunderbird and Enigmail’s developers have been working on ways to protect against the EFAIL vulnerabilities. As of version 2.0.6 (released Sunday May 27), Enigmail has released patches that defend against all known exploits described in the EFAIL paper, along with some new ones in the same class that other researchers were able to devise, which beat earlier Enigmail fixes. Each new fix made it a little harder for an attacker to get through Enigmail’s defenses. We feel confident that, if you update to this version of Enigmail (and keep updating!), Thunderbird users can turn their PGP back on.
But, while Enigmail now defends against most known attacks even with HTML on, the EFAIL vulnerability demonstrated just how dangerous HTML in email is for security. Thus, we recommend that Enigmail users also turn off HTML by going to View > Message Body As > Plain Text.
How To Turn PGP Back On As Safely As Possible
[Erica Portnoy and Danny O'Brien/EFF Deeplinks]