Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw
Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.
A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper includes a proof-of-concept exploit that can allow an attacker to use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim. The proof of concept is only one implementation of this new type of attack, and variants may follow in the coming days.
Top 5 Security links