m a s t o r is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Micah Lee ๐Ÿ”‘ @micahflee

In Apple Mail, there is no protecting PGP-encrypted messages. Even with disabling remote content, GPGTools is vulnerable to EFAIL, and the only mitigation for now is to switch to Thunderbird/Enigmail, and disable viewing HTML emails

theintercept.com/2018/05/25/in

Micah Lee ๐Ÿ”‘ @micahflee

Here's a proof-of-concept exploit that I developed (Hanno Bรถck deserves much of the credit too) that demonstrates the attack:

youtube.com/watch?v=IMPKe-GJSh

Wack Playstation Sup! ๐Ÿ™Š ๐Ÿ‡ฎ๐Ÿ‡ธ ๐Ÿ @HerraBRE@mastodon.xyz

@micahflee Thank you for your continuing work on this. Clear videos that show just how easy the social engineering really put things in the right context, IMO.

Hopefully "next time" we have a drama like this you'll be able to recommend Mailpile as an alternative as well. Hopefully! ๐Ÿ˜

Micah Lee ๐Ÿ”‘ @micahflee

@HerraBRE It's been a long time since I last tried Mailpile, I should try it out again

m a s t o r @mastor

@HerraBRE @micahflee dito! ;)

rysiek โœ… @rysiek

@mastor @HerraBRE @micahflee fun fact, Mailpile is the only e-mail client I know that completely blocks HTML in encrypted e-mails.

m a s t o r @mastor

@micahflee @rysiek @HerraBRE What about Mutt?

Micah Lee ๐Ÿ”‘ @micahflee

@mastor @rysiek @HerraBRE nope! Mutt is one of the few email clients that hasn't been vulnerable at all

m a s t o r @mastor

@HerraBRE @micahflee @rysiek \รถ/ (-:
So, perhaps, the hard work setting it up (for me as a medium talented user) pays.
I also use it via in , by the way. Mutt in Copperhead, Neomutt in Qubes.

ยท tootstream ยท 0 ยท 0
mastodon.social powered by Mastodon