Updated: July 17, 2019
Two collaborators from the OpenPGP community were attacked by a spam certificate attack.
The attack took place last month and exploited the mistakes
The OpenPGP protocol itself is designed to poison OpenPGP victims
Two goals of Robert J.
Hansen and Daniel were Gilmore, locally known as RJH
And such that.
Someone is trying to sign a toxic certificate
Setting up OpenPGP tariffs is expensive
Hansen said complex areas are problem solving.
Positive Certificates Certificates are now available on SKS Key Server
String There is no reason to believe that the attacker will stop
Only two regretted it. Thanks for the ease of attack and much more.
The success of the attack is obvious, it is recommended to trust each other
The article states that it will be regretted in the near future.
The hacker attacked the signatures.
Configured on a network of master servers. Symptoms are common
Statements by other people representing your party
The certification sign confirms that it is indeed attached to the certificate.
For this man
Open PGP is not limited to the function number only
There may be a document with the character. Network with leading providers
For 150,000 signing process certificates.
Both Hansen and Glamor received public marks so large that they were ineffective.
According to Hansen, this has serious consequences.
They taste good and they are all bad. If
Yes, you are copying toxic keys from a large network of keys
GnuPG poisoning is inevitable
Network key is gone. Bad number
As time goes on, the reasons increase. FIG
It is not clear if the attacker tried to harm anyone
Certificate. We don’t know how much it costs.
According to Hansen, the SKS communications network was unable to direct the attack.
The Open PGP team may be cleared later this year
Adjust the time zone. The implications of future open PGP software will do this
There are usually charities, but there are no plans. All
It’s easy to limit what you can do now: quit
Hansen said he was receiving data from the SKS service network.
This was reported by Jake Moore, ESET Network Security Specialist at SC Media UK
If they fail, they say they dont need to work
Sometimes we need to pay attention to camera security.
The acceptance and expectation of everything is weak.
He said most backup protocols need to be updated, and this is a very good example.
Although they use the old method, I attack
Understandable. Add a shortcut to the tab
Document recovery alone is not the best tool here
Threats can become a problem. Loyal users
Here are some tips to keep in mind when filling out your application
The required server is ready until other tasks are completed and a solution is found
This problem has been solved.
Kevin Bochik, Executive Vice President for Security and Risk Management
Vinafi SC Media UK showed that the attack was strong
Documents can be in any form: the program is basically canceled
Important functions such as privacy.
This attack did not violate TLS requirements
The signature is considered directly because it is managed by another CA.
Open a PGP server, identify the person who needs to understand that you need to manage them
weapons. It is noted that TLS alleviates difficulties in daily work
Follow the giant’s certificate and node