GNU Privacy Guard Vulnerabl To Phishing-style Attacks


A critical flaw in the popular encryption software GNU Privacy Guard (GPG) allows attackers to launch a phishing-style attack that inserts text appearing to part of a trusted email, Core Security Technologies announced today.

That text may contain malware or lead unsuspecting users to a malicious website, Ivan Arce, CTO of Core Security, the vendor that discovered the flaw, told today.

The vulnerability, which has been patched since Feb. 20 and is corrected in the new version of GPG that was released Monday, affects email clients such as KMail, Evolution, Sylpheed, Mutt and GNUMail, said Arce.

From SC Magazine

Leave a comment

Published: March 13, 2007 @ 6:39 pm Filed under: News
Comments-RSS 2.0 Feed.
Leave a comment or TrackBack.