[danix.xyz.git] / articles / vulnerabilities-for-pgp-and-emails.md

---
title: Vulnerabilities for PGP and emails
author: Danilo M.
type: post
date: 2018-05-15T10:04:06+00:00
excerpt: A series of vulnerabilities was discovered which affect emails encrypted with PGP and GnuPG, follow @EFF to understand more about this topic.
featured_image: /wp-content/uploads/2018/05/og-efail-resized_3.png
categories:
  - security
tags:
  - efail
  - eff
  - electronic frontier foundation
  - gnupg
  - pgp
  - security
  - vulnerability

---
following a series of tweets from the Electronic Frontier Foundation, I&#8217;m reblogging their article to give it even more visibility on a topic that many don&#8217;t seem to know, which is email encryption.

A group of researchers has found out [and published][1] a series of vulnerabilities affecting the use of PGP for email encryption (you can read more in depth coverage on this topic on the [EFF website][2])

From what I understand the problem is related to those plugins that rely on PGP or GnuPG to automatically decrypt emails. This vulnerability could allow an attacker to read not only an encrypted message but even older messages encrypted with the same key.

while the various vendors are fixing their software EFF recommendation right now is to disable all plugins that allow to decrypt emails automatically and not to decrypt messages inside the mail software but instead, export them and decrypt them offline.

Here you can find a list of good procedures to disable the affected plugins and how to export encrypted emails to be read using offline tools: [**Pretty Good Procedures for Protecting Your Email**][3]

&nbsp;

 [1]: https://efail.de/
 [2]: https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
 [3]: https://www.eff.org/deeplinks/2018/05/pretty-good-procedures-protecting-your-email
Commit	Line	Data
e380f26a	1	---
	2	title: Vulnerabilities for PGP and emails
	3	author: Danilo M.
	4	type: post
	5	date: 2018-05-15T10:04:06+00:00
	6	excerpt: A series of vulnerabilities was discovered which affect emails encrypted with PGP and GnuPG, follow @EFF to understand more about this topic.
e380f26a	7	featured_image: /wp-content/uploads/2018/05/og-efail-resized_3.png
	8	categories:
	9	- security
	10	tags:
	11	- efail
	12	- eff
	13	- electronic frontier foundation
	14	- gnupg
	15	- pgp
	16	- security
	17	- vulnerability
	18
	19	---
	20	following a series of tweets from the Electronic Frontier Foundation, I’m reblogging their article to give it even more visibility on a topic that many don’t seem to know, which is email encryption.
	21
	22	A group of researchers has found out [and published][1] a series of vulnerabilities affecting the use of PGP for email encryption (you can read more in depth coverage on this topic on the [EFF website][2])
	23
	24	From what I understand the problem is related to those plugins that rely on PGP or GnuPG to automatically decrypt emails. This vulnerability could allow an attacker to read not only an encrypted message but even older messages encrypted with the same key.
	25
	26	while the various vendors are fixing their software EFF recommendation right now is to disable all plugins that allow to decrypt emails automatically and not to decrypt messages inside the mail software but instead, export them and decrypt them offline.
	27
	28	Here you can find a list of good procedures to disable the affected plugins and how to export encrypted emails to be read using offline tools: [Pretty Good Procedures for Protecting Your Email][3]
	29
	30
	31
	32	[1]: https://efail.de/
	33	[2]: https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
	34	[3]: https://www.eff.org/deeplinks/2018/05/pretty-good-procedures-protecting-your-email