Critical flaw found in email encryption tools

A hole has been found in the most popular encryption method

However, there is some debate as to how serious the issues are.

The security flaws in both standards were discovered by a group of researchers in Europe.

Unlike PGP, S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email-only encryption program.

A research team of nine academics from the Electronic Frontier Foundation has discovered critical vulnerabilities in two email encryption tools. While doing so, the client loads any external content, thereby exfiltrating the plaintext to the attacker.

According to a tweet from Schinzel, the vulnerabilities "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past". "This creates a single encrypted body part that exfiltrates its own plaintext when the user opens the attacker email". This new vulnerability allows hackers and attackers to read encrypted HTML emails in plaintext. Attacks using the EFAIL vulnerability take advantage of "active content" in HTML emails, such as externally loaded graphics, to extract the plain text through those requested URLs. They warn that the flaw won't be fully fixed until the IT community updates the PGP and S/MIME standards. If it's not, GnuPG returns an alert.

A threatening flaw in email encryption was revealed Monday in a report from European researchers.

This is possible because of a basic flaw of end-to-end encryption, they add.

Koch says some MUAs' failure to block hidden HTML links is the problem.

His colleague Robert Hansen said on Twitter that the issue had been known about for some time.

Users of platforms that use S/MIME and PGP encryption have been advised to disable email encryption to avoid the chances of an attack. "It seems to not be easily reproducible in all cases".

An attacker could gain access to encrypted emails by monitoring network traffic, compromising email servers or the computers of users, or gaining access to backup servers. "Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts".

Indeed, El Reg recommends opening PGP-encrypted emails in a text editor on a secured virtual machine, host, or container, depending on your level of paranoia, rather than allow encrypted HTML messages to be parsed and rendered.
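The attack described above depends on the mail client fetching remote content while it renders decrypted HTML. As an added example (not from the article or the researchers), this Python code lists the references in a message's HTML parts that would trigger an automatic fetch; the attribute list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser

# Attributes that can make a client fetch a URL while rendering (assumed, not exhaustive).
URL_ATTRS = {"src", "href", "background", "poster", "data", "srcset", "action"}
# On these tags href is only followed on click, so it is not an automatic fetch.
CLICK_ONLY = {"a", "area"}

class RemoteRefFinder(HTMLParser):
    """Collect (tag, attribute, url) for every reference to a remote host."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            if name == "href" and tag in CLICK_ONLY:
                continue
            url = value.strip()
            # cid: and data: URLs are embedded in the message; only network URLs count.
            if url.lower().startswith(("http://", "https://", "//")):
                self.refs.append((tag, name, url))

def remote_references(html):
    finder = RemoteRefFinder()
    finder.feed(html)
    finder.close()
    return finder.refs

def audit_message(raw):
    """Return remote references found in every text/html part of a MIME message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings += remote_references(part.get_content())
    return findings

# Constructed sample message (example.org / .example names are placeholders).
SAMPLE = (b"From: sender@example.org\r\nTo: rcpt@example.org\r\n"
          b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n\r\n"
          b'<html><body><p>Hello</p><img src="http://tracker.example/pixel.png">'
          b'<a href="https://example.org/page">link</a>'
          b'<link rel="stylesheet" href="//cdn.example/s.css"></body></html>\r\n')

if __name__ == "__main__":
    for ref in audit_message(SAMPLE):
        print(ref)
```

A non-empty result means the message should be shown as plain text or with remote loading disabled, rather than rendered as HTML.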

"Email is no longer a secure communication medium", Sebastian Schinzel, a professor of computer security at Germany's Münster University of Applied Sciences, told the German news outlet Süddeutsche Zeitung. "In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation", the expert said. They have published guides for Thunderbird, Apple Mail, and Outlook.

Email users who use PGP (based on OpenPGP) and S/MIME to encrypt and decrypt their communications are at "immediate risk".
