January 24, 2022

Privacy: Major Flaw Found in Secure Email Tech PGP (Pretty Good Privacy) and S/MIME

From the BBC:

PGP (Pretty Good Privacy) is a data encryption method sometimes added to programs that send and receive email.

Details about the vulnerability were released by the Suddeutsche Zeitung newspaper prior to a scheduled embargo.

Previously, the Electronic Frontier Foundation (EFF) had advised immediately disabling email tools that automatically decrypted PGP.


Read the Complete Article

See Also: Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated] (via ars technica)

Additional Resources

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw (via EFF)

Attention PGP Users: New Vulnerabilities Require You To Take Action Now (via EFF)

EFAIL Website
From group that discovered vulnerability.

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.

About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.