Welcome to WebmasterWorld Guest from 54.196.42.8

Forum Moderators: open

Very Old PGP Bug, SigSpoof, Fixed

     
10:01 am on Jun 18, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25472
votes: 743


A decades old flaw in PGP has finally been fixed in in GnuPG version 2.2.8, Enigmail 2.0.7, GPGTools 2018.3, and python GnuPG 0.4.3.

For their entire existence, some of the world's most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs. Very Old PGP Bug, SigSpoof, Fixed [arstechnica.com]
1:31 am on June 19, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12334
votes: 805


Do they have to change the name now from PGP (Pretty Good Privacy) to NVGP (Not Very Good Privacy)?
4:11 am on June 19, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:8567
votes: 668


Or the "we started it but others are doing it better these days".... ?

What is fun is that a decades old flaw still managed to flummox bad actors... else we'd have heard about it ere now.