E-Fail attack against GPGTools

Another day, another attack against GnuPGP tools. I have long believed that the complicated integration mechanisms that GPGTools use to integrate with the Mail client are vulnerable to attack. Not too long ago, Internet Explorer browser extensions were the attack vector into Windows PCs.


Remember, with NouveauPG the entire app is sandboxed. The only way to get data in or out is by selecting a file using the system file dialog box, or using the clipboard. No internet access, third-party plug-ins or anything. The only reason encryption is not ubiquitous by now is the trade-off with usability. More ‘convenient’ schemes always seem to backfire. NouveauPG is as simple as I know how to make it.