Unpacking things a bit: the advice is to disable *automatic* decryption of *e-mail*.
This implies there is a way to exploit automatic e-mail decryption as an oracle that leaks information about your keys back to the attacker.
So there must be a side-channel back to the attacker. My guess is the channel is MDNs (read receipts) or exploiting HTML mail in some way.
If so, #Mailpile is not vulnerable. But I'm only guessing - time will tell.
Well, today of all days is not the best time 😂
"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email".
Folks.. it's not PGP that is broken.. the problem is the software that decrypts PGP with HTML!
As it turns out, we can really keep calm.
Just continue your day and use PGP as usual with forced plaintext mails and signed + encrypted mails.
F*** EFF, I won't take 'em seriously anymore... 😡 😡 😡
"They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation."