[colug-432] GPG/PGP vulnerability
Rick Hornsby
richardjhornsby at gmail.com
Tue May 15 11:46:16 EDT 2018
On May 14, 2018 at 6:29:13 PM, Roberto C. Sánchez (roberto at connexer.com)
wrote:
On Mon, May 14, 2018 at 02:26:16PM -0700, Rick Hornsby wrote:
>
> It feels like we’re dealing with the same thing. Unless GPG has some kind
> of code exploitation bug or built-in scripting engine that’s being abused,
> I’m having difficulty finding fault with GPG here.
>
I agree. EFF's reaction to this and their recommendation seem far off
base and out of step with what I have come to expect of them. Anybody
who is serious about security is already aware of the dangers of HTML
(you summarized the issues nicely in your message, though I did not
quote it here).
https://9to5mac.com/2018/05/14/apple-mail-security-flaw-encrypted-email/
9to5mac has more/different detail than the EFF post. Unfortunately it
confirms my suspicion that HTML (more specifically a client's outbound
request for remote content) is the problem, but also that the near-term
mitigation is easy - don’t allow remote content to load.
Also as per the article, I was wrong about iOS. [ Settings > Mail > Load
Remote Images ] can be turned off.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20180515/dea97924/attachment.html
More information about the colug-432
mailing list