This article will describe PGP Certificate Flooding attacks as well as inform the reader
How to detect if you have a poisoned certificate in your keyring, How to identify & clean the poisoned cert, and How to update the configuration to prevent it from importing poisoned certs in the future
Last month, an attacker spammed several high-profile PGP certificates with tens of thousands (or hundreds of thousands) of signatures (CVE-2019-13050) and uploaded these signatures to the SKS keyservers.
Without looking very deep, I quickly stumbled on 4 keys that were attacked last month:
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
About Michael
. . . → Read More: Mitigating Poisoned PGP Certificates (CVE-2019-13050)
