Oh please. Of course encrypted e-mail is still secure.

Various media have hyped a recently publicized paper about vulnerabilities of PGP encrypted e-mail, saying things like “e-mail no longer a secure method of communication”.

This is a load of BS.

Werner Koch, author of GNU Privacy Guard (GPG), has stated that such exploits have been known for almost 20 years and countermeasures have long been developed. GPG throws a hard error (since 2015) if the countermeasure is not detected upon decryption.

Enigmail, the Mozilla Thunderbird PGP addon, includes a fix (since February) that prevents any content being rendered to the user if GPG throws this error. This basically fixes the problem.
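The gating described above can be sketched as follows. This is an added example, not Enigmail's or GnuPG's own code: the function names are hypothetical, the status samples are constructed, and requiring both `DECRYPTION_OKAY` and `GOODMDC` is this example's conservative policy.

```python
import subprocess

STATUS_PREFIX = "[GNUPG:] "
# Status keywords that must block rendering, and those required to allow it
# (assumption: a deliberately strict policy chosen for this example).
FATAL = {"BADMDC", "DECRYPTION_FAILED", "NODATA"}
REQUIRED = {"DECRYPTION_OKAY", "GOODMDC"}

def status_keywords(status_text):
    """Collect the keywords of all '[GNUPG:] KEYWORD args' lines."""
    words = set()
    for line in status_text.splitlines():
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                words.add(fields[0])
    return words

def release_plaintext(exit_code, status_text, plaintext):
    """Return plaintext only after a clean, integrity-checked decryption.

    gpg can write plaintext to stdout before it reports the failure, so the
    caller must discard that output instead of handing it to a renderer.
    """
    seen = status_keywords(status_text)
    if exit_code != 0 or seen & FATAL or not REQUIRED <= seen:
        return None
    return plaintext

def decrypt_for_display(ciphertext):
    """Run gpg with status lines on stderr; not exercised offline."""
    proc = subprocess.run(
        ["gpg", "--batch", "--decrypt", "--status-fd", "2"],
        input=ciphertext, capture_output=True)
    return release_plaintext(proc.returncode,
                             proc.stderr.decode(errors="replace"),
                             proc.stdout)

# Constructed status output: a normal, integrity-protected message.
GOOD = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] PLAINTEXT 62 0 \n"
        "[GNUPG:] GOODMDC\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n")
# Constructed status output: integrity protection missing, hard error raised.
NO_MDC = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] PLAINTEXT 62 0 \n"
          "gpg: WARNING: message was not integrity protected\n"
          "[GNUPG:] DECRYPTION_FAILED\n[GNUPG:] END_DECRYPTION\n")
```
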

Claiming that PGP has been broken, the encryption itself has been broken, and telling users to not send encrypted e-mails anymore is WRONG.

I have to wonder if this is some kind of scheme or cyberattack meant to discredit email encryption as a whole. The use of encryption is obviously a thorn in the side of various agencies and third parties who would like you to stop using it.

In short: Use GnuPG and Enigmail, use the latest versions, disable loading third-party content from the web, or disable viewing HTML mails completely (if you’re paranoid, you probably did this already). Don’t panic.