Security Flaw Discovered in GPG 151
WeLikeRoy writes "A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2."
Shouldn't be a surprise... (Score:4, Insightful)
Re:Double Bag That Burger (Score:0, Insightful)
Re:Well... (Score:5, Insightful)
I don't mean this to come across as flamebait, but that's one of the stupidest comments I've read on Slashdot today. You could just as well - and with the same justification - say that telephones shouldn't be used for conducting business (all business consists of commercially sensitive transactions, mind you), or that letters shouldn't be used, that the postal services can't be trusted, that pens and paper shouldn't be used for writing down contracts, and so on.
All these things, just like email and just like GPG, are tools. Tools, like everything, are fundamentally insecure, at least theoretically; there is no absolute security. But you can minimise risks by using tools the right way, by making sure that malfunctions don't lead to a cascade of further malfunctions, and - maybe most importantly - by *realising* and *keeping in mind* that nothing is ever perfectly secure. If you do that, you can use email for sensitive things just like you can use the phone network or the postal services or direct face-to-face communication; you merely have to be aware of the risks and how to manage/minimise them.
Panicking and crying "email is never secure!" isn't going to get you anywhere, really. You're just limiting yourself to other means of communication which are basically just as secure or insecure as email is, and given that statement, chances are you haven't really understood how security works, anyway, so you're probably less secure no matter what you do.
Enigmail is fine... (Score:2, Insightful)
Re:Whew! (Score:1, Insightful)
Re:Not a fundamental flaw. (Score:3, Insightful)
ergo the injection you proposed would not be valid and hence would be rejected
by the signature verification process.
try and add something before or after the actual e-mail message and see how much sense
it would make to someone reading it...
Arash
Re:Whew! (Score:2, Insightful)
If you had published your email, I'm sure you'd have 500 encrypted "Hello, world!" emails from other Slashdot readers.
Re:Not a fundamental flaw. (Score:3, Insightful)
But if I understood correctly, GPG doesn't include the headers in the signature; so even without this bug, you could just change the subject to refer to Foo Bar.
Tricky business, security is :(.