New PGP Encryption Exploits Are Being Discovered Almost Every Other Day
For more than a week, PGP developers have been rapidly working to patch critical flaws in the legacy encryption protocol used for sending and receiving secure emails; a tool that’s widely relied upon by lawyers, journalists, dissidents, and human rights advocates, many of whom operate at the highest levels of risk in shadows cast by repressive and unforgiving regimes.
New PGP encryption exploits are being discovered at a very rapid rate. Last week the Electronic Frontier Foundation (EFF) instructed users to discontinue their use of PGP due to the vulnerabilities. Many in the infosec community thought their advice was overblown. However, even after the first set of patches rolled out new, unpatched, vulnerabilities have been shown to exist.
If you simply using PGP to keep the messages private from unsophisticated prying eyes, like a boss, you're probably still safe using PGP.
However, for those who have legitimate reasons to suspect they are being individually targeted by an advanced threat, like a nation state, the warning issued by the EFF should be taken very seriously.
Have a comment?