Digital Security Exchange

This week, security researchers released information about vulnerabilities in PGP email clients, dubbed “Efail,” that could expose the content of past or future messages even if they were encrypted. Please take the time to read this quick note about what the PGP email threat is and how to take action.

The Electronic Frontier Foundation, in a report this week, warned users of major email clients to disable or uninstall PGP plugins and switch to another secure communication method. The list of email clients includes Thunderbird with Enigmail, Mac OS, and Gpg4win for Windows.

There’s a robust discussion within the security community about the ramifications of this vulnerability and what users need to do in response. From our perspective, it’s best to be conservative and avoid using encrypted email until these issues are resolved.

Specifically:

If you choose to continue using email, encrypting it using PGP is still much better than not encrypting it at all. But do the following:

Please follow us on Twitter or join our mailing list for more updates.