Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it i

Thomas Delrue on 17 May 2018 18:54:56 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW

From: Thomas Delrue <delrue.thomas@gmail.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>, Michael Leone <turgon@mike-leone.com>
Subject: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Date: Thu, 17 May 2018 21:54:46 -0400
Autocrypt: addr=delrue.thomas@gmail.com; prefer-encrypt=mutual; keydata= xsFNBFQrCDsBEADLFrDFBCwI3xx28Gjm0euJ1X8WC8r7xHMpnXCQpL6mzljJtKLbNmkVXK10 USaQq3vDs3oEVWnVQIHzfii3Pf+UKfG8SptZqiOF/h4VStQH6/YCr0MSY2t31SCV/ua2cRP9 lq1DMJLNZy9T2hBP/GEj9AvTUfbnm8l/0CXI1VziGiykvZ0soiA4fttAe1Iu7uczm5A8iE5B mVT59OncGasOnU2rBDheZ5gXQ25rN2nm18jcu0TR3nodtnKDbRYvT6ik3Ym0QpxaV4K8S6NH b7xZeHkMeKzDoLfq9gid2pSBGhZkXDJCUtivRo9EOu8Dd1lAwnJOfV9sBiJ39AUm7cBknFiw hMOI6OmYZbAsgKG90SJEaWd3cLOHr75SSikTqPqg30Ok/S/HT9AQ2hCwo77iWy5eRmI5m0fB OorFf5lfYiOfi1LNmH8KZcFpRPE7GEF/nVCT8Pp/sFvrV2qf7kW7XDjEgE6vkpYVKGNEoYLj UqRfEA3thCaHmWUpXrP+tEq84hwQCiFrRKgivxQn7eZ5mreN6haY1rwjeJ3hlAfajQik2rHC kPDLtTOjpOURqErkodwQrqQDO91gNWq8F/IvIZDWLAH8Y+8emy0gHKvHxQ+thT536BAMdrRf hNdKFc+dZyhYD+17hXOHqh33weVajICufwu5NMehNhp9HxsK3QARAQABzSdUaG9tYXMgRGVs cnVlIDxkZWxydWUudGhvbWFzQGdtYWlsLmNvbT7CwX4EEwECACgFAlQrCDsCGwMFCQlmAYAG CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKosl9oIs/pOoLoP/085ttR5tj9Z45E4iR8i UJT/RTPnBg1e/XJW3VKQeojr/FFpROT9lQMdrp6vCT2IbdGLtPvOu5HVpmkUCSyroQEQQ4vx 84TO5+6QWpTU6h8Qo/xixuua1+NLmFqrxL72gIPj/LhiBjerLPRtVrmvRe1XyGtz+jvohqyK XMN41zlqGMiihBLUkUT8uOnyejaavP3AcwCK+wBC1s1NIaxqoBNhwf4tIJCKfJ47YRN5/ouz EU94Z2ijFRYJ7Na93GsGqDuSUYV2f8iRC+Z6F+GrUcVIxqy1XVpqPmMi5bRmyXPCtba/zlph 4oySdQBF+OKBg4+CLywt+dFtBG0PKEQR9+2PwyJWJmEzTpIpgZY08TunbvppjnleF8D9ZRDr 1bXbtVxdOsXGiQLfwZ7EX1OpdJa4fuLUtZBQNvaZHSTV+VFebhCyBWuFKJuw5GboA3K4gFNf 7Ng/35sLItzpfTs+XDdzuDwp5axPgZZsF43lmDFku4TKwDCCwkW7wt4E3qvHBLEidKIdZWTg 4v/+b3RJhQWKYKJsg5DaUvSGwPWIr49kNbKOyxNBvJY4buFyFzhSaXera3UPtMgggcPdI7OQ P7uK92FRjzo0EEXByjGk21Jjcwdxn1aZtVRP7S3GY/2B5wJxJftbm7bO3gQ+hPXiXf0qx3LZ 2MuRAgkkZU7iEWvmzsFNBFQrCDsBEACwpu+kShb5kMPr4N/OU51Pdrih9ZZ2nJ7Y9KriOeKI ydX7qx3ERcDPXCivW/kWF54ITwna6/hdcnJLIWyiJo+03wylm5Evk9u/n0yYY1e8UKRINEqR VmQQ8mNYfnFEvnVzVQmhRpFgUFKhAYvgpcwN8K+ttuc+WSrtZaj1Lxer7tNqmb8yZqfHY1qY om6IKlVTXUFTryTE8JbfUT/sG+dCWA7YLP02Ki/hCaqslQIbE5MZcnNGWWNXN6TMxPZvZJUu JVeNKlRZUcGaHDk4h3xcThUCz6MZf8Z0QtIYJYpIQfUyf3RKy1ET++00KPaI5quu2pSBddZW 2vKDOUnZbpk8xPI0nWog4mlM9NVgErgLDy1DMzvek50ZEjkWllSknrexmtmD9TcxD1X9zNRc zs1l2ia4fyEGhOH1NHrZ2olw0IF3FLrikHcbBBJUdiz7gY28lx+SoJf6RRD1IcKKLEFOg9nn OcxFVMYzV/3IYa8fxTGGrmQ60MAxr7EthUxSLHgKb3MYaV2s99T5CIDi+wX+TELxV0fM6D+c /q69jIIuu37Xwnp449aLySfeHLYsALP8S4h1Fnxtm0w8o+L9t6AWpg78biL3brIpgUNnZNK/ QSHdg/9A02bxY4tSZs2kBq1xnFdK1qsvdgnZblHiq/o4gFXiQwv5l3YccieK2yXesQARAQAB wsFlBBgBAgAPBQJUKwg7AhsMBQkJZgGAAAoJEKosl9oIs/pODzEP/1wfcBGUekDdBMonwBpf MMkWIISZvcvqp/18jvjT/y/sRpXLp+Oei3n+cBrCnWR7XojPje9JQV8HOAW9s7F5PYxeAUZI zmCSr4UK/in7VYyFydbfn776esA6FkZCJ+q2nDtQfGNTd1F7NenRmw1xr6WlNXyuOVQO4bTs XlsbJbG4MEbWsdmHLl3/zWQEFrSI9SAHq5AugoOwJnyi781z7IGZ1vWWDYi3xwl16KGCou/Y p24MiNkkrZK6loCN8wPiVmw/fOL5k1v329d6IpxFD6AdCNqUrWcxISbfG1m0ujsqXIn3AMyk SnOGhNiCJ8s0uW8hBGdV/WQ6auSRnWKxQGt9/58Ox5cQyAzebwhWP7Ovh8CZGPdLw2Twsxfr P0RgrcP3RIT3GF1XkdvNMwn8QhEdUs/7dKyuI5QJf3R4g59+gLO9jHizo0CwRT3Rsg0MZUwq LRpm5vpu2y6Je7NlLgLfEsc820bIxUXCoVxiK9wJB3P5A+zk+IN2qsZmX+xpReblstCpUYgd ebUtE78xSXsSCFsulwtxrHc6m+KrIlp0tATYp4Lj04pUjlPf5Kd05XU806HXw7BtH2W8+pDn kkLtOLbnCVoz4PrhYg4Z2PYDtHQwdSUoqN9WRWh970XX+TdirKOJEiit3zAIJtcIsJsOhNMt mNqlY4v/7BvBD6dK
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:openpgp:autocrypt:subject:message-id:date :user-agent:mime-version:in-reply-to; bh=nlrrTIUdIW0X92+RhDv/PL1N4w5VDP9uz9t3+nn3fDw=; b=GudTjRywN+uD1czFHnB2ndG/PHwBR8A+TlBaoEqs8jS9qcyYwR4NlNgqBI8xl+ZgY0 HfeklPWBK6wqjF+/w1M22yzKPKtB8osqVMPyCV+74RdH6YfIJzOGonmHvBAugpn8oRej a0i6sP8gp4v368a+JFHK0ZS7hhKfl6VLUo1ZA2Il72CIcj7kSu23TcOECg4AY4QO5s2t raLqmHezjmCFnJdNw2O8c5Ra+Df9CFTeFalSscYmE9Ahl+W97YamzsxzNoFUVlkAqgmR mQh0rQ0krxYO1RypaKYmr758dnFmvehn4GaGSGFza1FsGkBHLjdCShbooMAA5/kFcEk5 ul7A==
Openpgp: preference=signencrypt
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 05/17/2018 09:42 AM, Michael Leone wrote:
> On Thu, May 17, 2018 at 9:22 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
>> On Thu, May 17, 2018 at 8:59 AM Rich Kulawiec <rsk@gsp.org> wrote:
>>
>>> The moral is: never, EVER, read your email with a web browser.
>>
>> This is impractical
> 
> That's putting it mildly, I'd say ... as I answer this from my Chrome
> web browser ...

That appears to be a conscious choice or set of choices you've made. I
don't think it's impractical. Inconvenient? Maybe... but impractical,
surely not. And I can only fake that much patience for complaints about
this type of 'inconvenience' and subsequent complaints about 'pwnage'
(although I'm not suggesting you are making such complaints).

I find the mentality of blindly following "that's what people want and
we should therefore give it to them" increasingly annoying and, frankly,
ignorant and unproductive; especially if we (as an industry or craft)
then continue to get hammered and blamed for doing exactly that,
delivering them the insecure products or processes/methods they asked
for and for which we now get blamed in return.

When a structural/materials engineer tells his customer that "if you
make me do that, your fancy bridge will collapse the first time 3 trucks
drive over it at the same time", then that customer listens and acquiesces.
But if a software engineers give a customer an equivalent warning about
what they are trying to make them do, the software person is overruled.
Why exactly is that? Is it because the damage is not something they can
wrap their mind around, whereas a collapsing bridge is easily imagined?

As a retort to your "chrome web browser": ... as I answer this from my
Thunderbird e-mail client configured to do text-only and with GPG locked
and loaded.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Rich Freeman <r-plug@thefreemanclan.net>

References:
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Greg Helledy <gregsonh@gra-inc.com>
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
  - From: Michael Leone <turgon@mike-leone.com>

Prev by Date: Re: [PLUG] Fwd: Gentoo Shut Down Stalls
Next by Date: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Previous by thread: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Next by thread: Re: [PLUG] Heads-up, PGP/GPG users: critical security flaw, disable it in email clients NOW
Index(es):
- Date
- Thread