In Apple Mail, there is no protecting PGP-encrypted messages. Even with disabling remote content, GPGTools is vulnerable to EFAIL, and the only mitigation for now is to switch to Thunderbird/Enigmail, and disable viewing HTML emails

ยท Web ยท 1 ยท 20 ยท 10

Here's a proof-of-concept exploit that I developed (Hanno Bรถck deserves much of the credit too) that demonstrates the attack:

@micahflee Thank you for your continuing work on this. Clear videos that show just how easy the social engineering really put things in the right context, IMO.

Hopefully "next time" we have a drama like this you'll be able to recommend Mailpile as an alternative as well. Hopefully! ๐Ÿ˜

@HerraBRE It's been a long time since I last tried Mailpile, I should try it out again

@micahflee Wait another month or so, and we should have a ready for Mac users to test.

@mastor @HerraBRE @micahflee fun fact, Mailpile is the only e-mail client I know that completely blocks HTML in encrypted e-mails.

@mastor @rysiek @HerraBRE nope! Mutt is one of the few email clients that hasn't been vulnerable at all

@HerraBRE @micahflee @rysiek \รถ/ (-:
So, perhaps, the hard work setting it up (for me as a medium talented user) pays.
I also use it via in , by the way. Mutt in Copperhead, Neomutt in Qubes.

Sign in to participate in the conversation

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!