PGP implementations in email vulnerable

Monday 14 May 2018

European researchers have discovered a vulnerability in the way PGP and GPG are implemented in email programs.

The vulnerability appears to be in the part that ensures automatic decryption of messages. For the time being, the advice is to disable tools that ensure automatic decryption.

The standard advice also applies here:

Check the sender. Do you expect such reports from them?
Disable automatic rendering of images and other content in e-mail messages.
Pay attention to strange behavior of your mail program; the PGP / GPG plug-in should give a warning about incorrect encryption.

Update14th May, 14:25: The researcher have published more information See link below.

Extended explanation about the vulnerability EFAIL

More recent news

Wed 10 Apr 2024
Reminder: Meet Up on Digitalisation & Security
Wed 27 Mar 2024
E-mail Privacy and Security Awareness Training
Sun 17 Mar 2024
Important Announcement: Mandatory Privacy and Security awareness training
Thu 29 Feb 2024
Digital Cleanup Day: clean up your digital waste
Tue 23 Jan 2024
UT maps decision-making processes of victims of ransomware

News summary