Researchers Warn Of Critical PGP And S/MIME Email Encryption Vulnerabilities

In the Finder menu bar select Go > Go to Folder

A group of European security researchers have discovered vulnerabilities that could be exploited to "reveal the plaintext of encrypted emails", including those sent in the distant past, CSO reported.

The attack works on past trails of messages; so, for example, if a regime has been stealthily collecting emails sent by suspected dissidents in hopes of someday decrypting them, EFAIL will allow a nation-state to force the person's email client to now decrypt them.

The problem had been investigated by Sebastian Schinzel, at Munster University of Applied Sciences.

By comparison, the Gadget Attack affects a much wider variety of mail clients, including Microsoft's Outlook, but ranges in efficacy based on whether it's used against PGP or S/MIME encryption.

In fact, users are being advised to stop using and disable the encryption tools immediately in their email client if they use them for sensitive communications.

S/MIME is very similar to PGP except that instead of users defining their own encryption methods and web of trust (how to share their private encryption keys), S/MIME uses predefined encryption standards and public-private keypairs distributed by a trusted authority.

Here are the steps to temporarily disable PGP plug-ins to avoid exposure until these flaws are fixed. This attack relies on a three-part message being sent.

Simpson extends lead at Players
He has made only two bogeys and one double-bogey in 54 holes and is at 19-under par 197, equaling Greg Norman's tournament record. But he cooled off a bit on the back nine, three-putting for bogey on 14 and failing to get up-and-down for birdie on 16.

PGP is considered the standard for email encryption and was first introduced way back in 1991.

End-to-end encryption is used specifically to secure emails that have been compromised in those manners.

However, Werner Koch, free software developer and author of the GNU Privacy Guard, posted information on Monday which claims the warnings from EFF are "pretty overblown".

"Malleability of these two encryption modes is well-known and has been exploited in many attacks on network protocols like TLS, IPsec, or SSH, but it has not been exploited in plaintext-recovery attacks on email standards", the researchers wrote. "Or if you really need to read them use a proper MIME parser and disallow any access to external links", he says. He recommended switching off HTML emails or using authenticated encryption.

Yet chances are good that numerous people who use OpenPGP do so via affected email clients. "In 2018, businesses must re-evaluate how they communicate, opting to phase out email for secure communications solutions that are open-source, independently audited and end-to-end encrypted".

More details are to be published on May 15 at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific) by the team.

A vulnerability exists in programs PGP, GPG and S/MIME.

Related News:



Most liked

Moyes wants to stay at Hammers
If he is their number one target, then action must be imminent, for they risk missing out the longer they wait. Asked when his West Ham contract officially expires, Moyes said: "Midnight, I think".

Deadpool Star Ryan Reynolds Sings Classic Annie Tune as a Unicorn
Ryan Reynolds addresses the future of the franchise with uncertainty, claiming he might revisit Deadpool "down the road". They appeared impressed with the performance and the actor received a resounding applause for his performance.

BlacKkKlansman, Cannes Film Festival
BlacKkKlansman had its world premiere on Monday at the Cannes Film Festival , where it will compete for the Palm d'Or. Stallworth detailed his experience in his 2014 novel " Black Klansman ".

Yemen-UAE dispute over Socotra 'resolved': Yemeni PM
Yemeni government and the United Arab Emirates agreed on a deal for the UAE forces to withdraw from the strategic Socotra Island. Yemen has subsequently accused the UAE of trying to " colonize " Socotra.

Nigeria name provisional World Cup squad
Regulars such as John Obi Mikel, Victor Moses , William Troost-Ekong and defensive partner Leon Balogun made the cut. Rohr picks four goalkeepers: Ikechukwu Ezenwa, Daniel Akpeyi , Francis Uzoho and Dele Ajiboye .

OnePlus 6 briefly listed on Amazon Germany starting from ~RM2449
This card will allow you to purchase the device on May 21 and May 22 when the limited sale of the phone opens on Amazon India . These renders and details came from product pages that somebody accidentally posted a bit early on Amazon Germany.

Apple facing class action lawsuit over defective MacBook Pro keyboards
However, according to this lawsuit, that warranty is not enough as the core functionality of these laptops has been impacted. The new mechanism replaced the scissors-shaped one, which is the default key switch mechanism for most laptop keyboards.

Israeli Soccer Team Adding 'Trump' To Name To Celebrate Embassy Move
The president himself has supported plans to move its own country's embassy to Jerusalem, though the prime minister Andrej Babiš opposes such a move.

NES Classic Returning this June 2018
Taking to Twitter , the official Nintendo America account tweeted the console's return along with a release date of June 29th. The console, which is a mini-version of the original NES from 1983, will go on sale in the USA from June 29 of 2018.

Superman Actress Margot Kidder Passes Away
However, her career came to a halt after she was seriously injured in a auto crash, leaving her unable to work for two years. Edgar Wright tweeted a black-and-white picture of Kidder with the caption, "Sad to hear of the passing of Margot Kidder ".

The Final 'Gotham' Season Will Focus on Bruce Wayne's Transformation Into Batman
Warners will now have the only two outside studio-produced shows on Fox's 2018-19 broadcast schedule. Gotham fans received bittersweet news regarding the future of the show.

Violence in WB is destruction of democracy: Yechury
In Bilkanda, which is in the North 24 Pargana district, BJP candidate Raju Biswas has been stabbed in the stomach. In Birbhum, masked men carrying weapons and sticks were seen intimidating voters outside some of the booths.

Two men hurt after light aircraft crashes in Co Offaly
Mr Slattery said the sound of planes taking off and landing wasn't unusual in the area, and the noise he heard wasn't dissimilar. Footage from the scene of the light aircraft crash in County Offaly shows a number of fire trucks, Garda cars and ambulances. .

Morgan Stanley Cuts EQT Midstream Partners (NYSE:EQM) Price Target to $71.00
ValuEngine downgraded EQT Midstream Partners from a "buy" rating to a "hold" rating in a research note on Friday , February 2nd. Meridian Wealth Management LLC purchased a new stake in shares of EQT Midstream Partners during the 1st quarter worth $262,000.

Bear Attacks Girl In Orchard Mesa
A woman heard screaming outside at around 2.30am in East Orchard Mesa above the Colorado River corridor, the Denver Post reported. The mother tells CPW that her daughter had gone outside because she thought she heard her dog making noises in the yard.