It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out.
Efail is still a serious risk, but progress has been made. EFF has published some guidance on how to assess if using GPG/PGP now will protect you or make you more vulnerable, and how to use encrypted email in a way that protects you as much as possible from Efail attacks.
Thunderbird and Enigmail’s developers have been working on ways to protect against the EFAIL vulnerabilities. As of version 2.0.6 (released Sunday May 27), Enigmail has released patches that defend against all known exploits described in the EFAIL paper, along with some new ones in the same class that other researchers were able to devise, which beat earlier Enigmail fixes. Each new fix made it a little harder for an attackerto get through Enigmail’s defenses. We feel confident that, if you update to this version of Enigmail (and keep updating!), Thunderbird users can turn their PGP back on.
But, while Enigmail now defends against most known attacks even with HTML on, the EFAIL vulnerability demonstrated just how dangerous HTML in email is for security. Thus, we recommend that Enigmail users also turn off HTML by going to View > Message Body As > Plain Text.
How To Turn PGP Back On As Safely As Possible
[Erica Portnoy and Danny O'Brien/EFF Deeplinks]
The Internet of Dongs is Brad Haines's term for the world of internet-connected, "teledildonic" sex toys, and Haines, along with Sarah Jamie Lewis, have exhaustively documented all the ways in which internet-connected sex toys can screw you, from leaking private data to physically attacking your junk.
The NSO Group is an Israeli firm that has long marketed itself as a “cyber warfare” company, selling mobile surveillance technology to governments that include notoriously corrupt human rights abusers. One of these is Mexico, where NSO spyware played a key role in targeting teachers and journalists, and missing students. On Thursday, NSO Group announced […]
That massive Equifax data breach on September 7, 2017, shocked everyone, but a year and a half later, where the data of all those 143 million Equifax users ended up is still a mystery.
Breaking into the indie video game market may be easier than you think. It all starts with an idea, and then it’s a matter of finding the right development platform to bring it to life. No matter what that platform is, it’s a good bet that it’s covered in the 2019 Game Dev & Design […]
Learning a new language like Spanish doesn’t have to be hard. Either you can buy a ticket to a Spanish-speaking country, immerse yourself in the culture and pick it up intuitively – or you can do it from the comfort of the chair you’re in right now by logging on to Rocket Spanish. There are […]
When it comes to Valentine’s Day gestures, we encourage you to make the date your own. But we’ve got to admit, you can’t beat the classic appeal of a well-picked, perfectly arranged bouquet of roses. And whether you need them delivered at home or to a long-distance lover, the best call is Teleflora’s Valentine’s Day […]