>b's weblog

News. Journal. Whatever.

„Ungeeignet“, „populistisch“ und „verfassungswidrig“: Experten nehmen Söders Polizeigesetz auseinanderNerds retten die Welt!

Fake News: efail. No, do not uninstall your email encryption software!

The article of EFF is Fake News. The efail attack is working by loading remote content like pictures from the web – possibly without asking the user. This can be triggered by manipulated S/MIME or OpenPGP messages. If successful an attacker can access the source code of the mail.

The most stupiest thing one can do in this case is disabling encryption. Because then any attacker can access the source code of the message anyway. It's like trying to put out fires with gasoline. Instead, better disable loading of external pictures from the web – and not only because of efail. As an alternative, you can use mail clients, which do not load remote content at all. The clients of p≡p are working like this.

Enigmail does not have the issue any more for half of a year. p≡p never had the problem. This is why it is so important to keep your software up to date – especially when it's security related software!