• Decades-old PGP bug allowed hackers to spoof just about anyone's signature

    4 days ago - By Ars Technica

    Enlarge
    For their entire existence, some of the world's most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs.
    Digital signatures are used to prove the source of an encrypted message, data backup, or software update. Typically, the source must use a...
    Read more ...