New encryption vulnerability means email is no longer secure

PSA: PGP and S/MIME are broken and leaking encrypted emails – stop using them right now

Hackers have a better chance of getting into encrypted email than previously thought, according to a new paper released Monday by a team of European cybersecurity researchers.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim.

The use of PGP - short for Pretty Good Privacy - for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to the Russian Federation.

In its blog post announcing the insecurity of email, the EFF suggests you use an app called Signal that can be used on mobile devices and computers.

The Efail report lists additional steps users can take to reduce the likelihood of falling prey to encryption attacks - namely, decrypting S/MIME and PGP outside email clients in a separate application and disabling HTML rendering altogether.

In other words, once hackers gain access to your emails, they can use the HTML tags in your emails to prompt mail clients to erroneously decrypt those emails in a way that hackers can access. "Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking Efail".

Most details are available over on the official site, but researchers added that Apple Mail, iOS Mail and Mozilla Thunderbird are the worst affected as they have "even more severe implementation flaws allowing direct exfiltration of the plaintext that is technically very easy to execute".

Professor Schinzel posted on Twitter that the university would publish its findings in the early hours of Tuesday morning, before alerting the Electronic Frontier Foundation (EFF), who first reported the vulnerability.

An EFF advisory says "these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages". "Or if you really need to read them use a proper MIME parser and disallow any access to external links", he says. "We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails that abuse existing and standard-conforming backchannels, for example, in HTML, CSS, or x509 functionality, to exfiltrate the full plaintext after decryption". CounterMail, Hushmail and Mailfence all use OpenPGP.
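The mitigation quoted above (parse with a real MIME parser and allow no external links) can be checked mechanically before a message is ever rendered. The Python example below is added here and is not code from the Efail paper, the EFF or any mail client; it walks a message's MIME parts and lists every remote reference in its HTML parts. The attribute list, function names and sample message are constructed assumptions, and only HTML attributes and inline `style` values are inspected.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Attributes that can make a renderer contact a remote host (assumed, not exhaustive).
URL_ATTRS = {"src", "href", "background", "poster", "data", "action", "srcset"}
REMOTE_SCHEMES = {"http", "https", "ftp"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

def is_remote(url):
    """True for scheme-relative URLs and for http/https/ftp URLs."""
    url = url.strip()
    return url.startswith("//") or (":" in url and url.split(":", 1)[0].lower() in REMOTE_SCHEMES)

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for each remote reference in an HTML part."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or not (name == "style" or name in URL_ATTRS):
                continue
            urls = CSS_URL.findall(value) if name == "style" else [value]
            self.refs += [(tag, name, u.strip()) for u in urls if is_remote(u)]

def remote_refs_in_message(raw):
    """Parse a raw message with a real MIME parser and scan its text/html parts."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            found.extend(finder.refs)
    return found

# Constructed sample message (not taken from the Efail paper).
SAMPLE = (
    'MIME-Version: 1.0\nContent-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nPlain body.\n'
    '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
    '<body background="cid:local"><img src="https://tracker.example/p.png">'
    '<div style="background:url(\'//cdn.example/bg.png\')"></div>'
    '<a href="mailto:alice@example.org">reply</a></body>\n--b1--\n'
)
if __name__ == "__main__":
    print(remote_refs_in_message(SAMPLE))
```

A mail gateway or viewer can refuse to render, or fall back to the plain-text part, whenever the returned list is non-empty.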

The research paper details multiple approaches for using the vulnerabilities to decrypt S/MIME and OpenPGP encrypted emails. And many corporate email services employ S/MIME.
