[Gpg4win-users-en] Security warning by EFF ?

Andre Heinecke aheinecke at intevation.de
Mon May 14 10:20:14 CEST 2018


On Monday, May 14, 2018 9:49:20 AM CEST Andre Heinecke wrote:
> On Monday, May 14, 2018 9:17:24 AM CEST Martin wrote:
> > What about this security warning by the EFF?
> > 
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> As far as we know, neither Gpg4win nor GnuPG nor GpgOL is seriously
> affected by anything in that paper.

To expand on this: We got a look at the paper, although neither GpgOL nor GnuPG
was directly contacted by the researcher. As the main developer of GpgOL, I
was not made aware of any security issue for GpgOL in advance.

As we see it, only clients which ignore MDC failures are seriously affected
regarding OpenPGP. This is not the case for GpgOL.

It might be that problems exist regarding S/MIME together with the HTML
parsing in Outlook. But as said, we are currently not aware of any. Also note
that S/MIME support is disabled by default in GpgOL. You might want to
deactivate S/MIME support temporarily until that paper is published.

Also see Werner Koch's comment on the gnupg-users mailing list about this:

Best Regards,

Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
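
The point in the message above about clients that ignore MDC failures, as an added example that is not part of the original post and is not GpgOL or GnuPG code: a mail client deciding from GnuPG's `--status-fd` output whether decrypted text may be displayed. The function names and the sample status lines are constructed for illustration; the status keywords are the ones GnuPG emits.

```python
# Added example, not GpgOL or GnuPG code. Status lines below are constructed.
PREFIX = "[GNUPG:] "

def parse_status(text):
    """Return (keyword, args) pairs from GnuPG --status-fd output."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events

def may_release_plaintext(status_text):
    """True only if decryption finished and integrity was verified."""
    events = parse_status(status_text)
    keywords = {k for k, _ in events}
    # An explicit failure wins, whatever else was reported.
    if keywords & {"BADMDC", "DECRYPTION_FAILED"}:
        return False
    # DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]: method 0 with
    # no AEAD algorithm means the message carried no integrity protection.
    for k, args in events:
        if k == "DECRYPTION_INFO" and args and args[0] == "0":
            if len(args) < 3 or args[2] == "0":
                return False
    # Require positive confirmation, not just the absence of an error.
    return {"GOODMDC", "DECRYPTION_OKAY"} <= keywords

# Constructed sample outputs (not captured from a real run).
GOOD = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526286014
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""
TAMPERED = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526286014
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""
NO_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] PLAINTEXT 62 1526286014
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""

if __name__ == "__main__":
    for name, s in (("good", GOOD), ("tampered", TAMPERED), ("no MDC", NO_MDC)):
        print(name, "->", "show" if may_release_plaintext(s) else "refuse")
```

In the tampered sample the `PLAINTEXT` status precedes `BADMDC`, so a client has to buffer the decrypted output and hand it to the renderer only after the final verdict.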