Updated July 17, 2019
Two members of the OpenPGP community became victims of hackers’ spam attacks.
Last month’s attack was wrong
OpenPGP protocol for poisoning OpenPGP victims
Certified. Two of the lawyers were taken by Robert J. Schneider.
Hansen, Daniel Khan Gilmore, is known in the community as RJ
And so on.
All imported and toxic imports
OpenPGP vulnerabilities tend to fall
Hansen said yes.
Toxic certificates are already SKS appendices
There is no reason to believe that the Internet invader is gone
Only two toxic substances. Think lightly disgusting with
The effect of the attack is good for carrying others
These certificates are toxic, post [no
The Treasury began signing the attack
Spread over optimized network. These are usually signed
Information provided by others representing the audience
Confirmation The signature confirms that this certificate is valid
For whom it makes no difference.
OpenPGP fragmentation is not limited by pixels
Signatures can be added to the certificate. The only key
About 150,000 registered certificates are managed
Hansen and Gilmore are registered in their official key, as both cannot be hanged.
According to Hansen, the results are catastrophic.
There are big companies that are central and all is well. and
Remove the corrupted certificate from the primary server network
Revocation of the GnuPG Poison Certificate
Server-based server. Large amount of poison
From here, other certificates increase over time. I do
I don’t know if any of these attackers tried to poison
certificates. We do not know the extent of the damage.
Hansen said that this attack on SKS’s server network could not be ruled out.
The OpenPGP team cannot change this
In time. Future versions of OpenPGP
They are lightly oiled, but not for a short time. welcome
Most deductions are now simple: stop
Hansen also connects this data to the SKS network.
Jake Moore Tells British Media about Cybersecurity
Even if they say theres a break in the pool, dont try to work too hard
The following scenario, when it comes to network security, is worth considering
Think more confidently than anything else.
Many well-known safety rules need help, and this is a good example of what has been said.
Even if this is an old strategy, it attacks
It is very unique. It does not pass for a moment
However, automatic certificate renewal is not the best weapon here.
It may even help reduce potential attacks. Specific users
This poses a serious risk and may need to be stopped.
Keys until work is completed and resolved
This is problem.
Kevin Boxing, vice president of security and intelligence strategies against threats and
Venfay told MS Media in the UK that the attack showed how strong it was
All types of certificates can be: limited specialized software
Sensitive software such as encoding.
This attack will not destroy TLS certificates
Signatures are handled differently by CA.
Replacing PGP servers showed that the bad guys understood that they were powerful
Weapons. Heavier TLS allows for more daily damage
Estimates of theft and theft provoke certificates to prevent further competition