OK, so Thunderbird plus Enigmail is probably most popular in Linux. And according to Robert J. Hansen:[0]

> By default, GnuPG will scream bloody murder if a message lacks an MDC or if the MDC is invalid. At that point it's up to your email client to pay attention to the warning and do the right thing. Enigmail 2.0 and later are fine, but I can't speak for other systems.

So if you use Enigmail, do make sure that you're not at v1.99. Just get the add-on in Thunderbird. Also, of course, make sure that external resources aren't being fetched.

0) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/06032...

Edit: Oh, but damn. There's more in that thread. Enigmail >v2 can be forced to decrypt with MDC missing.[1] And this is a gpg bug:[2]

> ... and Patrick, moving faster than the speed of light, already has the bug triaged and bounced back. This is actually a GnuPG bug, not an Enigmail bug. ...

However:[3]

> It's worth noting, incidentally, the #Efail attack flat-out requires MIME. So inline PGP messages are not vulnerable, as there's no MIME parsing pass which can be exploited.

So you're still safe, although this is still a bug that should be fixed. ;) I also saw something about it requiring HTML decoding, but can't find it again :(

1) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/06032...
2) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/06032...
3) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/06032...

More: Yes, disable HTML rendering. In Thunderbird, select "/ View / Message Body As / Plain Text". And:[4]

> The EFAIL attacks break PGP and S/MIME email encryption by coercing clients into sending the full plaintext of the emails to the attacker. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs.
>
> To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

So basically, 1) the attacker embeds a link to the encrypted message, 2) the email client fetches and decrypts it, and then 3) sends plaintext back to the attacker.

4) https://lists.cpunks.org/pipermail/cypherpunks/2018-May/0421...
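The MDC distinction Hansen describes above, as an added example that is not part of this thread and not GnuPG's or Enigmail's own code: a small Python packet walker that reports whether an OpenPGP message uses the integrity-protected encrypted packet (tag 18, SEIPD, which carries an MDC) or the legacy unprotected one (tag 9, SED). The sample byte strings are constructed placeholders, not real ciphertext, and the MDC itself sits inside the ciphertext, so this only shows which packet type a sender used, not whether the MDC verifies.

```python
# Added example: walk OpenPGP packet headers (RFC 4880 section 4.2) and report
# whether the encrypted-data packet is MDC-protected (tag 18) or legacy (tag 9).
import struct

TAG_SED = 9      # Symmetrically Encrypted Data: no integrity protection
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data: carries an MDC

def _read_header(buf, pos):
    """Parse one packet header at buf[pos]; return (tag, body_start, body_len)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("invalid packet tag byte")
    if ctb & 0x40:                        # new-format header (RFC 4880 4.2.2)
        tag = ctb & 0x3F
        first = buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not handled in this example")
    tag = (ctb >> 2) & 0x0F               # old-format header (RFC 4880 4.2.1)
    ltype = ctb & 0x03
    if ltype == 3:                        # indeterminate length: rest of input
        return tag, pos + 1, len(buf) - pos - 1
    size = (1, 2, 4)[ltype]
    blen = int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
    return tag, pos + 1 + size, blen

def encrypted_data_tags(msg):
    """Return the encrypted-data packet tags (9 or 18) found in msg, in order."""
    found, pos = [], 0
    while pos < len(msg):
        tag, start, blen = _read_header(msg, pos)
        if tag in (TAG_SED, TAG_SEIPD):
            found.append(tag)
        pos = start + blen
    return found

def mdc_status(msg):
    """'mdc' if only SEIPD packets are present, 'no-mdc' if any legacy SED packet
    is present (what GnuPG warns about), 'none' if nothing encrypted was found."""
    tags = encrypted_data_tags(msg)
    if not tags:
        return "none"
    return "no-mdc" if TAG_SED in tags else "mdc"

# Constructed samples: a placeholder PKESK (tag 1, old format) then the encrypted packet.
PKESK = b"\x84\x03" + b"\x03\x00\x00"               # tag 1, 3 placeholder bytes
MODERN = PKESK + b"\xd2\x05" + b"\x01" + b"ABCD"    # tag 18 (new format): version 1 + 4 bytes
LEGACY = PKESK + b"\xa4\x04" + b"ABCD"              # tag 9 (old format): 4 bytes, no MDC
```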
What? The attacker embeds secure content inside a link, not a link to the content. It could come from files stored in a public place or emails.