Critical flaw found in email encryption tools

A hole has been found in the most popular encryption method

However, there is some debate as to how serious the issues are.

The security flaws in both standards were discovered by a group of researchers in Europe.

Unlike PGP, S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email-only encryption program.

A research team of nine academics from the Electronic Frontier Foundation has discovered critical vulnerabilities in two email encryption tools. While doing so, the client loads any external content, thus exfiltrating the plaintext to the attacker.

According to a tweet from Schinzel, the vulnerabilities "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past". "This creates a single encrypted body part that exfiltrates its own plaintext when the user opens the attacker email". This new vulnerability allows attackers to read encrypted HTML emails in plaintext. Attacks using the EFAIL vulnerability take advantage of "active content" in HTML emails, such as externally loaded graphics, to extract the plain text through those requested URLs. They warn that the flaw won't be fully fixed until the IT community updates the PGP and S/MIME standards. If it's not, GnuPG returns an alert.

A threatening flaw in email encryption was revealed Monday in a report from European researchers.

This is possible because of a basic flaw of end-to-end encryption, they add.

Koch says some MUAs' failure to block hidden HTML links is the problem.

His colleague Robert Hansen said on Twitter that the issue had been known about for some time.

Users of platforms that use S/MIME and PGP encryption have been advised to disable email encryption to avoid the chances of an attack. "It seems to not be easily reproducible in all cases".

An attacker could gain access to encrypted emails by monitoring network traffic, compromising email servers or the computers of users, or gaining access to backup servers. "Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts".

Indeed, El Reg recommends opening PGP-encrypted emails in a text editor on a secured virtual machine, host, or container, depending on your level of paranoia, rather than allow encrypted HTML messages to be parsed and rendered.

"Email is no longer a secure communication medium", Sebastian Schinzel, a professor of computer security at Germany's Münster University of Applied Sciences, told the German news outlet Süddeutsche Zeitung. "In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation", the expert said. They have published guides for Thunderbird, Apple Mail, and Outlook.

Email users who use PGP (based on OpenPGP) and S/MIME to encrypt and decrypt their communications are at "immediate risk".
