GNU Privacy Guard Vulnerabl To Phishing-style Attacks

March 13, 2007 @ 6:39 pm


A critical flaw in the popular encryption software GNU Privacy Guard (GPG) allows attackers to launch a phishing-style attack that inserts text appearing to part of a trusted email, Core Security Technologies announced today.

That text may contain malware or lead unsuspecting users to a malicious website, Ivan Arce, CTO of Core Security, the vendor that discovered the flaw, told today.

The vulnerability, which has been patched since Feb. 20 and is corrected in the new version of GPG that was released Monday, affects email clients such as KMail, Evolution, Sylpheed, Mutt and GNUMail, said Arce.

From SC Magazine

Category News | No Comments