Let's say you want to intercept a message that I can decode. You damage the message, say by adding eight bytes of garbage. Repackage it so it looks like a PGP message. You send it to me and I open it and see nothing but garbage. If I send that back to you, then it is possible for you to decrypt the message. Is it very severe? In other words, is the problem widespread?
This is primarily a con job. It relies on you sending the message back. Also, most PGP messages are compressed, which means that method wouldn't work. Rarely PGP messages are sent uncompressed. One instance could be if the message is zipped before being encrypted with PGP. A chain of unlikely events have to occur for this method to work.
I don't mean to diminish the severity of it. People who make PGP applications need to be aware of such things. For example, a PGP developer may hand a message over to the user if there is a decompression error, as some of the text may be readable. That is a security problem, not a data problem. Now, a red flag should go up much like when there is an encryption error. Shouldn't warning lights go off when the garbled message comes from someone you don't know?
Not necessarily. Remember someone can be masquerading as someone you know. For example, someone could get a Hotmail account that looks like it's an old high school buddy of yours. How long has the vulnerability been around?
We knew the weakness existed years ago, but we didn't know how to exploit it. In fact, a fix for it was released in 2000, but the new version didn't have backward compatibility. Why didn't people switch to the fixed version?
It's hard to ask people to switch mail programs they have used perhaps for years for a potential security problem. Is there any evidence it has been exploited? Could someone have found it?
No, there is no evidence it has been used in the wild. But never say never. It's so clever that you'd have to think someone has thought it up and hasn't told anyone about it. It's possible but not likely. How can PGP users work around the problem?
The best way is to not hit the reply key and send any garbage back to the person who sent it to you. Send them another e-mail asking why they sent you garbage. You don't need to stop using the old version [of PGP]. It's a good attack but not so good an attack. It's clever by using a lot of social engineering and a little cryptography to work. So if someone could do this successfully once, can they then decrypt all your messages?
No. They can only read that one message. If they want to read 10 of your messages then they'll have to do it 10 times.