It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out.
Efail is still a serious risk, but progress has been made. EFF has published some guidance on how to assess if using GPG/PGP now will protect you or make you more vulnerable, and how to use encrypted email in a way that protects you as much as possible from Efail attacks.
Thunderbird and Enigmail’s developers have been working on ways to protect against the EFAIL vulnerabilities. As of version 2.0.6 (released Sunday May 27), Enigmail has released patches that defend against all known exploits described in the EFAIL paper, along with some new ones in the same class that other researchers were able to devise, which beat earlier Enigmail fixes. Each new fix made it a little harder for an attackerto get through Enigmail’s defenses. We feel confident that, if you update to this version of Enigmail (and keep updating!), Thunderbird users can turn their PGP back on.
But, while Enigmail now defends against most known attacks even with HTML on, the EFAIL vulnerability demonstrated just how dangerous HTML in email is for security. Thus, we recommend that Enigmail users also turn off HTML by going to View > Message Body As > Plain Text.
How To Turn PGP Back On As Safely As Possible
[Erica Portnoy and Danny O'Brien/EFF Deeplinks]
Ship's captains and outside monitoring firms have reported waves of GPS jamming around Shanghai's ports, on a scale and of a severity never seen before: the jamming causes ships' locations to be incorrectly displayed and to jump around; the observations were confirmed via an anonymized (sic) data-set from a short-hire bike firm, whose bikes are […]
I love what iOS 13 has brought to my iPhone’s party. I’m not attached, however, to how frigging buggy it’s been.
Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed as series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world.
Need a boost on that resume? Get a valuable tech education on your own time with these eBook bundles. They contain guides from Packt Publishing that cover everything from game development to machine learning. The Complete Mobile App Developer eBook Bundle It’s a veritable gold rush in the App Store these days. Get in on […]
Vinyl is officially back. People are hearing the proof behind the initial “retro” excitement: that records really do have a richer sound. And if you haven’t switched to old-school records for serious listening, it’s a new golden age. Why? Because quality turntables like the Altec Lansing ALT-500 are finally available to a market other than […]
Between all of our apps, streaming devices, Bluetooth speakers, and energy-sucking decorations, paying for utilities each month can be…brutal. In fact, the average household spends roughly $70 a month on the water bill alone. That number might not seem terribly significant, but when you add it up, that’s $840 a year — a pretty significant […]