Critical flaw found in email encryption tools

A hole has been found in the most popular encryption method

However, there is some debate as to how serious the issues are.

The security flaws in both standards were discovered by a group of researchers in Europe.

Unlike PGP, S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email-only encryption program.

A research team of nine academics from the Electronic Frontier Foundation has discovered critical vulnerabilities in two email encryption tools. While doing so, the client loads any external content, thus exfiltrating the plaintext to the attacker.

According to a tweet from Schinzel, the vulnerabilities "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past". "This creates a single encrypted body part that exfiltrates its own plaintext when the user opens the attacker email". This new vulnerability allows attackers to read encrypted HTML emails in plaintext. Attacks using the EFAIL vulnerability take advantage of "active content" in HTML emails, such as externally loaded graphics, to exfiltrate the plaintext through the requested URLs. They warn that the flaw won't be fully fixed until the IT community updates the PGP and S/MIME standards. If it's not, GnuPG returns an alert.

A threatening flaw in email encryption was revealed Monday in a report from European researchers.

This is possible because of a basic flaw of end-to-end encryption, they add.

Koch says some MUAs' failure to block hidden HTML links is the problem.

His colleague Robert Hansen said on Twitter that the issue had been known about for some time.

Users of platforms that use S/MIME and PGP encryption have been advised to disable email encryption to avoid the chances of an attack. "It seems to not be easily reproducible in all cases".

An attacker could gain access to encrypted emails by monitoring network traffic, compromising email servers or the computers of users, or gaining access to backup servers. "Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts".

Indeed, El Reg recommends opening PGP-encrypted emails in a text editor on a secured virtual machine, host, or container, depending on your level of paranoia, rather than allow encrypted HTML messages to be parsed and rendered.

"Email is no longer a secure communication medium", Sebastian Schinzel, a professor of computer security at Germany's Münster University of Applied Sciences, told the German news outlet Süddeutsche Zeitung. "In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation", the expert said. They have published guides for Thunderbird, Apple Mail, and Outlook.

Email users who use PGP (based on OpenPGP) and S/MIME to encrypt and decrypt their communications are at "immediate risk".
