Article in Forbes.
Hans-Christoph Steiner
hans at guardianproject.info
Thu Mar 19 15:27:21 CET 2015
Sounds like you should report it directly to GPGTools.org. I'm sure they have
a bug tracker or mailing address somewhere.
Have you seen any technical details on this attack? Its hard to tell exactly
what's happening from that article.
.hc
Eric F:
> Perhaps not directly gnupg related, more OS X related. But, with both
> GPGtools an GnuPG for OS X I'll post it here... (and there was this OS X
> sec. discussion the other week) :)
>
> It's seem like “Gatekeeper” is only using http if I read it correctly.
>
> Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper
> http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/
>
> “He found around 150 on his own machine, including hugely popular
> software like Microsoft Word and Excel, Apple’s own iCloud Photos and
> Dropbox. The list also included Apple’s developer tool *XCODE and email
> encryption key management software GPG Keychain, both of which he abused
> in his proof of concept attacks*.”
>
>
> I have no idea how this works, but one question that came in mind was if
> a hijacked “GPG Keychain” on a Mac computer could form a threat to gpg
> on other platforms?
>
> Anyway, interesting reading. Just wanted to share.
>
> /Eric
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
More information about the Gnupg-users
mailing list