[LACryptoparty] Fwd: [EFA] An urgent notice to our Electronic Frontier Alliance allies regarding PGP and S/MIME communications.

Tim Schwartz tim at timschwartz.org
Tue May 15 00:53:10 GMT 2018


FYI, don’t use PGP till they figure out a solution.

Begin forwarded message:

> From: nash via EFA <efa at lists.eff.org>
> Date: May 14, 2018 at 16:58:56 CST
> To: efa at lists.eff.org
> Subject: [EFA] An urgent notice to our Electronic Frontier Alliance allies regarding PGP and S/MIME communications.
> Reply-To: nash <nash at eff.org>
> 
> https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
> 
> Dear EFA allies,
> 
> As many of you provide digital security training and support for activists within your communities, we wanted to make sure you are aware of the recently disclosed vulnerabilities in PGP and S/MIME. While not cause for panic, we do think it is responsible to advise those who may be using either for sensitive communication to disable these tools for the time being. 
> 
> A group of European security researchers has released a warning about a set of vulnerabilities in both protocols. EFF has been in communication with the research team and can confirm that these vulnerabilities pose an immediate risk to those using PGP or S/MIME for email communication, including the potential exposure of the contents of past messages.
> 
> Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.
> 
> Please refer to these guides on how to temporarily disable PGP plug-ins in:
> 
> Thunderbird with Enigmail
> https://www.eff.org/deeplinks/2018/05/disabling-pgp-thunderbird-enigmail
> 
> Apple Mail with GPGTools
> https://www.eff.org/deeplinks/2018/05/disabling-pgp-apple-mail-gpgtools
> 
> Outlook with Gpg4win
> https://www.eff.org/deeplinks/2018/05/disabling-pgp-outlook-gpg4win
> 
> These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community.
> 
> Please feel free to forward this message to those who may be affected.
> 
> Thank you, as ever, for all your work,
>  -- 
> nash 
> Grassroots Advocacy Organizer
> Electronic Frontier Foundation 
> 815 Eddy St
> San Francisco, CA 94109
> 415-436-9333 ext 184
> nash at eff.org
> Become A Member! https://www.eff.org/join
> Learn more about digital security at https://ssd.eff.org/.
> Check out tools for encrypting the web at https://www.eff.org/encrypt-the-web
> _______________________________________________
> EFA mailing list
> EFA at lists.eff.org
> https://lists.eff.org/mailman/listinfo/efa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cryptoparty.is/pipermail/losangeles/attachments/20180514/4016e418/attachment.html>


More information about the LosAngeles mailing list