Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

More from: | ArsTechnica |
0

EnlargeMarcus Brinkmann

For their entire existence, some of the world’s most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs.

Digital signatures are used to prove the source of

(...)

Read full article » https://arstechnica.com/?p=1332063


About | ArsTechnica |

Ars Technica was founded in 1998 when Founder & Editor-in-Chief Ken Fisher announced his plans for starting a publication devoted to technology that would cater to what he called "alpha geeks": technologists and IT professionals. Ken's vision was to build a publication with a simple editorial mission: be "technically savvy, up-to-date, and more fun" than what was currently popular in the space. In the ensuing years, with formidable contributions by a unique editorial staff, Ars Technica became a trusted source for technology news, tech policy analysis, breakdowns of the latest scientific advancements, gadget reviews, software, hardware, and nearly everything else found in between layers of silicon.

»Twitter: @arstechnica »Facebook: @arstechnica »YouTube: Ars Technica