“A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”
Officially called “EFAIL”: https://efail.de/
A number of platforms are said to be vulnerable.
Quotes include, “Email is no longer a secure communication medium” and “can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”
IMHO there seems to be a bit of hysteria going on about this, this morning. On the other hand, I’m no security expert so what do I know.
ProtonMail has stated,
“ProtonMail is safe against the efail PGP vulnerability. The real vulnerability is implementation errors in various PGP clients. PGP (and OpenPGP) is fine. Any service that uses our @openpgpjs library is also safe as long the default settings aren’t changed.”
I dunno, I never really believed anything on a computer was 100% secure or private and tend to conduct myself accordingly. Of course I’m just an average, boring dude so I’ve no idea why someone would waste the effort to read my email.
There is gonna be a lot more to read on this in the coming days.