Skip to main content
 
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw

Og efail resized

UPDATE: Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides.

Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.

A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper...

Read More

Attention PGP Users: New Vulnerabilities Require You To Take Action Now

Og efail resized

UPDATE: Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides.

UPDATE (5/14/18): More information has been released. See EFF's more detailed explanation and analysis here.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and...

Read More

KRACK Vulnerability: What You Need To Know

This week security researchers announced a newly discovered vulnerability dubbed KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it’s important to keep the impact of KRACK in perspective: KRACK does not...

Read More

Hey CIA, You Held On To Security Flaw Information—But Now It's Out. That's Not How It Should Work

Wikileaks today released documents that appear to describe software tools used by the CIA to break into the devices that we all use at home and work. While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.

The worst thing that...

Read More

Cryptographers Demonstrate Collision in Popular SHA-1 Algorithm

On February 23rd, a joint team from the CWI Amsterdam and Google announced that they had generated the first ever collision in the SHA-1 cryptographic hashing algorithm. SHA-1 has long been considered theoretically insecure by cryptanalysts due to weaknesses in the algorithm design, but this marks the first time researchers were actually able to demonstrate a real-world example of the insecurity. In addition to being a powerful Proof of Concept (POC), the computing power that went into...

Read More
Close tooltip