[colug-432] GPG/PGP vulnerability

Rick Hornsby richardjhornsby at gmail.com
Tue May 15 11:46:16 EDT 2018

On May 14, 2018 at 6:29:13 PM, Roberto C. Sánchez (roberto at connexer.com)

On Mon, May 14, 2018 at 02:26:16PM -0700, Rick Hornsby wrote:
> It feels like we’re dealing with the same thing. Unless GPG has some kind
> of code exploitation bug or built-in scripting engine that’s being abused,
> I’m having difficulty finding fault with GPG here.
I agree. EFF's reaction to this and their recommendation seem far off
base and out of step with what I have come to expect of them. Anybody
who is serious about security is already aware of the dangers of HTML
(you summarized the issues nicely in your message, though I did not
quote it here).


9to5mac has more/different detail than the EFF post. Unfortunately it
confirms my suspicion that HTML (more specifically a client's outbound
request for remote content) is the problem, but also that the near-term
mitigation is easy - don’t allow remote content to load.

Also as per the article, I was wrong about iOS. [ Settings > Mail > Load
Remote Images ] can be turned off.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20180515/dea97924/attachment.html 

More information about the colug-432 mailing list