Share good ideas and conversation.   Login, Join Us, or Take a Tour!
comment by johnnyFive
johnnyFive  ·  95 days ago  ·  link  ·    ·  parent  ·  post: EFAIL: turns out email PGP has a vulnerability

    The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

This is the part that makes this much less serious. I would hope that anyone capable enough to use PGP to begin with would also know not to have their client pull in anything external. I'm gradually moving to Protonmail as my e-mail provider, and it defaults to not downloading any external images (a setting that I have, needless to say, left alone).




bfv  ·  95 days ago  ·  link  ·  

I don't think I've met an email client that didn't default to not loading external resources since the Netscape email client way back when. It looked like a vulnerability you had to opt in for to me too.