My first reaction was oh my, also a little bit of yet another (not really) scare to the masses. After reading a bit, in particular the OpenPGP response and this series of tweets:
Quote:
Jan “I am my own bot” Wildeboer
@jwildeboer
20h20 hours ago
Replying to @seecurity @x0rz
Why the drama? Why not simply release the details now instead of Hollywood style „come back tomorrow for more!“
3 replies 3 retweets 71 likes
Sebastian Schinzel
@seecurity
20h20 hours ago
Because of the reasons you'll learn tomorrow.
9 replies 4 retweets 61 likes
Jan “I am my own bot” Wildeboer
@jwildeboer
19h19 hours ago
EFF focuses on PGP, while you also mention S/MIME. I gather standalone use of GPG/PGP is safe? If yes, that should be made very clear. Or should we stop signing rpms, git commits with GPG too?
3 replies 2 retweets 21 likes
Sebastian Schinzel
@seecurity
19h19 hours ago
The tweets and blog posts were written very carefully. Please also read them carefully. They contain anything you need to know until tomorrow.
2 replies 2 retweets 33 likes
|
I am going with yet another (not really scare).
I see by the report
https://efail.de/ that as the OpenPGP folks state it a buggy email thing. It also bugs me a bit that a web site was created just for this. Wow! That really means it must be bad. This plays in fo fear big time. Just reading the web site has me want to run for cover.
Quote:
Originally Posted by janusz
The last sentence of the GnuPG official statement says (my emphasis): A whole lot of people got scared, and over very little.
|
Pretty much sums it up.
On a plus side. My client is not vulnerable.