TECH TALK

Comment on this article

EFAIL – Vulnerabilities Found in OpenPGP & S/MIME

by Casandra Laskowski

Researchers recently released a paper describing serious vulnerabilities in PGP encryption. In short, one of the most popular encryption standards, PGP, has vulnerabilities that can allow attackers to view the content of encrypted emails without the knowledge of either the sender or receiver.

This may have crossed your desk already. However, for those that it may affect looking for best next steps or those looking for clear answers about the issue I wanted to bolster some great resources on the topic. Two of the links below come from the Electronic Frontier Foundation, who has folks much more skilled than I am at describing this vulnerability. If this vulnerability affects you, I’d suggest watching their Deeplinks Blog for more information.

The original research paper – This link also includes a quick summary of the vulnerability and answers some questions regarding the issue.

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw – This describes the way the discovered vulnerability works and advises some next steps while the vulnerability is being investigated.

PGP and EFAIL: Frequently Asked Questions – Provides answers to help users weigh the risks of continued use of PGP.

Copyright 2018 by Casandra Laskowski.

About the author: Casandra Laskowski is a Reference Librarian and Lecturing Fellow at Duke Law. She received her J.D. from the University of Maryland School of Law, and her M.L.I.S. from the University of Arizona. Prior to pursuing her career as a law librarian, she worked as a geospatial analyst in the United States Army and served a fifteen-month tour of duty in Iraq. Her areas of interest include privacy, censorship, and the intersection of national security and individual liberty.