Enigmail has patched a hole in the PGP email platform that caused mail to be sent unencrypted when all security check boxes were ticked.
According to The Register, any Enigmail user may have sent apparently encrypted emails that could be read by attackers. Previously Enigmail would ask if one wants to ‘Hide BCC recipients’ and then send the email encrypted to all of them without revealing to whom the email was sent. However functionality was missing in version 1.7. Even when marked to be encrypted, an email with only BCC recipients was sent in plain text.
Computer scientist posting on the Enigmail support forum blasted the error and expresed dismay at having to tell journalists in an upcoming training session to use command prompt to send email. Prior to the official patch, the bug was fixed only in a nightly Enigmail build while the vulnerable stable version remained open for download without prominent warning.
