Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it i

Aaron Mulder on 14 May 2018 07:46:12 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW

From: Aaron Mulder <ammulder@alumni.princeton.edu>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Date: Mon, 14 May 2018 10:46:06 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=kkI/6OkSojTIO54ZTfLbX+Q84MNZBxH7HXmhUD8gddU=; b=pvJRRLmmbFa1txvnK2y8psrU9zy8YobPMCa494ZbhxxP54npSeQZUeZC+vYWfY1yH/ A6QeujrvBkjJkpVbt1KF2UXgcTRWFaOdti8o2Sa6FmAXrT3LuboAg0lX9yvLfj0VgCLb HMVbGcLRHdepyLDThR7AdYe1eFkMQIcDPWUn55K9Fmvm0NEUNFz4M3zO/DE72Xq8XllY vtPbHAU4lKEDNyVLlgkWE6TzkvKMO75zNGhrtXvP1QEMvPoFT3mMtRLNqsLsnQKlnNQk RNaBxPM0uMXoYu0galLDJo/uaqc4aSzMRNjrqGoFhhatCapxFbpGj1MBbsXN+CBTbIrh Kqyw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

If I'm reading the EFF alert right, it does seem like the critical
problem is the ability of an HTML e-mail to submit it's own content to
a remote destination silently and automatically when you open it.

Thanks,
      Aaron

On Mon, May 14, 2018 at 10:40 AM, Matt Berlin <arkestra@gmail.com> wrote:
> Should read "HTML Email Client Flaw"...
>
>
> Matthew Berlin
> matt@psofe.com
> 553 Noble Road
> Atglen, PA 19310
> (484) 832-1055
>
> On Mon, May 14, 2018 at 10:25 AM, Rich Kulawiec <rsk@gsp.org> wrote:
>>
>> Brief analysis:
>>
>>         Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw
>>
>> https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
>>
>> Authors' site with link to full paper:
>>
>>         EFail
>>         https://efail.de/
>>
>> I haven't had time to do more than skim both articles, but will read the
>> full paper later today.
>>
>> ---rsk
>>
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group         --
>> http://www.phillylinux.org
>> Announcements -
>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion  --
>> http://lists.phillylinux.org/mailman/listinfo/plug
>
>
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Matt Berlin <arkestra@gmail.com>

Prev by Date: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Next by Date: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Previous by thread: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Next by thread: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Index(es):
- Date
- Thread