GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone’s Signature


A security researcher has discovered a critical vulnerability in some of the world’s most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages.

The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail, in PGP and S/Mime encryption tools that could allow attackers to reveal encrypted emails in plaintext, affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook.

Read more…
Source: The Hacker News