pixel

TAKE ACTION NOW: PGP, GPG, S/MIME Broken

As reported by the Electronic Frontier Foundation (EFF) this morning <https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now>, a group of security researchers found a set of vulnerabilities impacting users of PGP, GPG, and S/MIME. These are the considered the cornerstones of encryption security for email. The vulnerabilities pose an immediate risk of exposure not only of any email sent going forward, but also to all those encrypted emails in storage.

The EFF is recommending that all users of PGP, GPG, and S/MIME “immediately disable and/or uninstall tools that automatically decrypt PGP-email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels…”. MintzIT is recommending the use of Wire <https://www.wire.com> or Signal <https://www.signal.org> for secure end-to-end messaging.