Then, we suggested, it was time to sit and wait - we’d need to hear from the PGP developers themselves as they worked to identify a solution. Through this exploit, the attacker can ultimately gain a plain text version of the email they want to intercept.Īt the time we recorded the last episode, the best advice we had at the time to mitigate the risk of running into the bug was to disable the setting in your mail client that allows it to load remote content. As a quick refresher, the flaw works when an attacker exploits the way emails load HTML content that requires content from a web server, or when other external media is embedded into an email. You can read up on the full details of the flaw and the attack methods, dubbed eFail, in that episode’s show notes. Just a few weeks ago, back in Episode 93 of The Checklist, we discussed a flaw that had just been discovered in the encryption protocol most commonly used to send emails privately and securely, PGP. Let’s start things off be revisiting the topic of encrypted email.
