Unknown attackers are spamming a core component of the ecosystem of the well-known encryption software PGP, breaking users’ PGP installations and clients. What’s worse, there may be no way to stop them.
Last week, contributors to the PGP protocol GnuPG noticed that someone was “poisoning” or “flooding” their certificates. In this case, poisoning refers to an attack where someone spams a certificate with a large number of signatures or certifications. This makes it impossible for the the PGP software that people use to verify its authenticity, which can make the software unusable or break. In practice, according to
This post first appeared on motherboard security news. Read the full article.