Micah Lee 🔑 @micahflee

In Apple Mail, there is no protecting PGP-encrypted messages. Even with disabling remote content, GPGTools is vulnerable to EFAIL, and the only mitigation for now is to switch to Thunderbird/Enigmail, and disable viewing HTML emails


Here's a proof-of-concept exploit that I developed (Hanno Böck deserves much of the credit too) that demonstrates the attack:


@micahflee Thank you for your continuing work on this. Clear videos that show just how easy the social engineering is really put things in the right context, IMO.

Hopefully "next time" we have a drama like this you'll be able to recommend Mailpile as an alternative as well. Hopefully!

@HerraBRE It's been a long time since I last tried Mailpile, I should try it out again

@micahflee Wait another month or so, and we should have a Mailpile.app ready for Mac users to test.

@mastor @HerraBRE @micahflee fun fact, Mailpile is the only e-mail client I know that completely blocks HTML in encrypted e-mails.

@mastor @rysiek @HerraBRE nope! Mutt is one of the few email clients that hasn't been vulnerable at all

@HerraBRE @micahflee @rysiek \ö/ (-:
So, perhaps, the hard work setting it up (for me as a medium talented user) pays.
I also use it via in , by the way. Mutt in Copperhead, Neomutt in Qubes.