Welcome to WebmasterWorld Guest from 52.91.221.160

Forum Moderators: open

Message Too Old, No Replies

Very Old PGP Bug, SigSpoof, Fixed

     
10:01 am on Jun 18, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25913
votes: 881


A decades old flaw in PGP has finally been fixed in in GnuPG version 2.2.8, Enigmail 2.0.7, GPGTools 2018.3, and python GnuPG 0.4.3.

For their entire existence, some of the world's most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs. Very Old PGP Bug, SigSpoof, Fixed [arstechnica.com]
1:31 am on June 19, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


Do they have to change the name now from PGP (Pretty Good Privacy) to NVGP (Not Very Good Privacy)?
4:11 am on June 19, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9251
votes: 785


Or the "we started it but others are doing it better these days".... ?

What is fun is that a decades old flaw still managed to flummox bad actors... else we'd have heard about it ere now.