Home » Sci-tech

European researchers warn against risks of popular encrypted email standards

14 May, 2018, 20:42 | Author: Camille Rivera
  • Daniel Sambraus—EyeEm Getty Images

"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email", the EFF said.

On Monday morning, the Electronic Frontier Foundation (EFF) reported that Efail is able to expose HTML emails encrypted with PGP and S/MIME encryption programs - even those that were sent years ago. "We devise working attacks for both OpenPGP and S/MIME encryption, and show that exfiltration channels exist for 23 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients".

In a paper published Monday, the group outlined a proof-of-concept process for how attackers could exploit weaknesses in how email clients like Apple Mail, iOS Mail, and Mozilla Thunderbird manage HTML in messages. "Having used PGP since 1993, this sounds baaad".

A group of nine researchers has discovered a critical vulnerability in the systems end-to-end email encryption using OpenPGP and S/MIME. As there are "currently no reliable fixes for the vulnerability", the researchers are advising users to immediately disable the encryption within individual email clients and use other methods to send their secure data for now.

The research paper details a method whereby the simple omission of not closing the URL with quotes can enable an attacker to get access to the decrypted email contents.




Anyone who actively wants their email communication to be secure and private - and uses common email security plugins - should take notice.

Security researchers, backed up the EFF, have issued a warning over PGP and S/MIME encryption. That's because EFAIL can be stopped by using authenticated encryption; OpenPGP started to support authenticated encryption in 2001.

Professor Schinzel is a member of a research team consisting of a long list of respected security researchers, and which has been responsible for uncovering a number of cryptographic vulnerabilities. The newly found vulnerability has the potential to reveal encrypted emails in plaintext, including emails sent in the past.

It recommended that users switch for the time being to secure messaging app Signal for sensitive communications. (S/MIME is more typically used to protect corporate emails, which means its use is up to the IT department, not individual workers.) We're still in the "knee-jerk reaction" phase of the response cycle.

It advised users to disable the use of active content, such as HTML code and the loading of external content, and to secure their email servers against external access.

Recommended:

  • Pakistan 268-6 against Ireland at 2nd day close

    Pakistan 268-6 against Ireland at 2nd day close

    When Stirling did come on, a well-set Faheem launched the part-time spinner over long-on for six. First, it was Shadab who played the aggressor and then Faheem to help Pakistan revive.
    Trump Greets 3 Americans Freed by North Korea

    Trump Greets 3 Americans Freed by North Korea

    Shuang has said that China welcomes the positive progress made by the leaders of the DPRK and the USA to prepare for the summit. And President Trump going there would play into North Korea's propaganda machine - that the American President is coming to us.
    Seoul 'tricked' N. Korea waitresses into defecting: manager

    Seoul 'tricked' N. Korea waitresses into defecting: manager

    The summit will be the first meeting ever between a sitting United States president and the leader of North Korea. But Libya's program was not almost as advanced as North Korea and the country had not already stockpiled weapons.
  • Leahy comments on White House aide mocking Senator John McCain

    Leahy comments on White House aide mocking Senator John McCain

    John McCain is still showing his influence in Washington while battling cancer thousands of miles away in Arizona. Sadler reportedly called McCain's daughter, Meghan McCain, after making the remark.
    Mercedes in front again in final practice for Spanish GP

    Mercedes in front again in final practice for Spanish GP

    There was a massive scalp when Renault's Nico Hulkenberg was eliminated along with the 2 struggling Williams and Marcus Ericsson. His time was only good enough for 16th. "It is a little bit disheartening as I don't really know what I could have done more".
    US Fighters have Intercepted Two Russian Strategic Bombers near Alaska

    US Fighters have Intercepted Two Russian Strategic Bombers near Alaska

    F-22 fighters escorted the Russian aircraft for 40 minutes and kept a distance of over 100 meters, he said in a statement. The Russian bombers never entered USA airspace, the spokesman for the North American Aerospace Defense Command told CNN.
  • Nintendo NES Classic Edition is coming back again . . . on June 29

    Nintendo NES Classic Edition is coming back again . . . on June 29

    The tiny, retro Nintendo console that was almost impossible to snag 18 months ago will return to store shelves this summer. The $59.99 NES Classic Edition is a mini version of the Nintendo Entertainment System that originally launched in 1985.
    Kangana Ranaut talks about gender equality in films at her Cannes debut

    Kangana Ranaut talks about gender equality in films at her Cannes debut

    And for the final debut on the red carpet, she chooses a designer dress giving an ample view of her curves from all dimensions. Accessorising with wavy hair and crystal earrings , we reckon Deepika was the belle of the ball with this look.
    South Sudan on alert as Ebola outbreak reported in Congo

    South Sudan on alert as Ebola outbreak reported in Congo

    World Health Organization has recorded 32 suspected or confirmed cases in Bikoro, including 18 deaths, between April 4 and May 9. A new experimental vaccine has been shown to be highly effective against the virus, though quantities are now limited.
  • Poster depicts Lalu's son as 'Shiva, daughter-in-law as 'Parvati'

    Poster depicts Lalu's son as 'Shiva, daughter-in-law as 'Parvati'

    As the chief minister arrived at the veterinary college grounds in Patna - the wedding venue - he was greeted with loud cheers. Tej Pratap's baarat (wedding procession) comprised of 200 cars, horses and brass bands.
    RIP Himanshu Roy, condolence messages pour in

    RIP Himanshu Roy, condolence messages pour in

    In Dey's case, the then chief minister had issued instructions that he wanted an update on the investigations every six hours. The primary investigations revealed that Roy was in his bedroom and his wife in another room when he shot himself.
    Alonso making most out of his season despite McLaren's woes

    Alonso making most out of his season despite McLaren's woes

    Alonso started 13th in Azerbaijan and dropped to the back of the pack after another vehicle collided with him on the first lap. They reset whatever happened in the first couple of races and they come here and expect you to win and deliver the result.


Popular

Russian Federation moves to save Iran nuke deal
The top Iranian diplomat said he and Lavrov discussed the JCPOA and a broad range of bilateral, regional and worldwide issues. Beijing has expressed regret over Trump's decision to withdraw from the nuclear and says it remains committed to the pact.

Hurricane forecasters still watching disturbance in Gulf
At this time, the heaviest rainfall of three to five inches or more is expected to remain well to our east over Florida. Rain and storm coverage daily will be around 60% and temperatures will be held to the lower 80s and even upper 70s.

Manchester United ready to pay world record fee for Neymar
PSG's dominance of the French game this season was reflected in the awards. Mbappe has netted 13 since joining from deposed champion Monaco.

Why the USA embassy move to Jerusalem is so controversial
Palestinians seek East Jerusalem as the capital of a state they want to establish in the occupied West Bank and the Gaza Strip. More than 50 US diplomats will staff the Jerusalem embassy and the operation is expected to grow in coming months.

Suspect in custody after shots fired at California school
The suspect, a male, was apprehended near a Vons grocery store in Palmdale, a Los Angeles County fire official said. One person has been injured in a shooting at a California high school amid multiple reports of a gunman on campus.

Stage intruder invades SuRie's Eurovision 2018 final performance
Singer Elina Nechayeva nailed her operatic belter La Forza, climaxing in a cacophony of Mariah Carey-esque whistle notes. On the second place according to the bookies will be 25-year-old Netta Barzilai from Israel with the song "Toy".

Leinster snatch Champions Cup glory as Remi Tales drop goal drifts wide
Leinster coach Cullen and Racing counterpart Travers are not just fighting it out to lead their sides to glory. The game kicks off at 5.45pm local time so we'll be on air for 4.45pm with full commentary and analysis.

Mars Helicopter: Why NASA Is Sending A Helicopter To The Red Planet
But JPL has made sure that the Mars Helicopter has everything it needs to courageous the rough environment on the Red Planet . After the helicopter is placed on the ground the rover will be directed to drive to a safe distance to relay commands.

19-year-old sentenced to death for killing husband over rape
He said when Hussein reached out to her family for support, they handed her over to the police and reported the incident to them. Because Noura was a victim of rape, many are calling for her release, and for her not to be punished at all.

Khloe Kardashian shares first picture of baby True!
Khloe Kardashian has finally revealed her daughter, True Thompson , as she turns one month old today, Saturday, May 12, 2018. In the videos she said, "It's also a struggle trying to fit in working out between feeding.

Latest

Tendencies