PGP (Pretty Good Privacy) has been the gold standard of email encryption for many years. However, a vulnerability released early today identifies a critical vulnerability that could be exploited to gain plaintext of an encrypted message.
I’m still unpacking the findings, but Gizmodo has a good write-up to get started. You can read that HERE.
Some privacy experts are saying the issue is overblown and that users that are not using HTML emails should be fine. Others are suggesting that users disable the encryption tools immediately. I think that the best course of action is to (1) disable HTML email and (2) send messages as encrypted with the assumption that the message may not be secure. Messages requiring addition security should be sent via tools that rely on end-to-end encryption.
What are you doing in response to this issue?
Comments are closed.