Musings tagged as pgp

PGP Vulnerabilities Discovered

Mon, May 14, 2018

Security researchers have discovered vulnerabilities within implementations of PGP and S/MIME. Now, apparently the GnuPG team was not contacted beforehand and they dismiss the recommendation of the researchers, to immediately stop using anything PGP or S/MIME related, as overblown.

While the researchers refused to immediately disclose the exact nature of the vulnerabilities the GnuPG team has released a statement. The gist of the vulnerabilities seems to be using malicious scripts to exploit broken MIME parsers. This also means that you are only vulnerable if you are using HTML mails, in which case you are evil anyway. ;)