PGP: 'Serious' flaw found in secure email tech

PGP: 'Serious' flaw found in secure email tech

The attack works by exploiting how email clients read HTML code, researchers said.

The vulnerabilities dubbed EFAIL are harmful as they can reveal the contents of messages in plain text, even for the messages from the past.

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers. On the other hand, S/MIME is used mainly in enterprise infrastructure.

In separate news, the researchers have come up with a new technology that could make hacking impossible.

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today. "Having used PGP since 1993, this sounds baaad (sic)", F-Secure's Mikko Hypponenwrote in a tweet.

"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email." an EFF spokesperson advised.

Furthermore, in order to exploit the Efail vulnerability, attackers would need to capture emails and send them to the original recipient for decryption, the researchers said.

The terrorist attacked the passers-by in the centre of Paris
A separate list, the File for the Prevention of Terrorist Radicalization (FSPRT), focuses on people judged to be terror threats. The law led to a heated discussion in the parliament, while the United Nations experts criticized it for "vague wording".

While the requirement that attackers have access to previously sent e-mails is a an extremely high bar, the entire goal of both PGP and S/MIME is to protect users against this possibility. Numerous email clients also support S/MIME - Secure/Multipurpose Internet Mail Extensions - for sending encrypted communications and digitally signing messages.

On the victim's end, the email client first decrypts the second part and then combines all three into one email. But the authors state that they have "disclosed the vulnerabilities to all affected email vendors, and to national CERTs and our findings were confirmed by these bodies". While PGP is today owned by Symantec, an open source implementation called GNU Privacy Guard (GPG) has been widely adopted by the security community in a number of contexts, this is referred to as OpenPGP.

The group of researchers plan to publish their research paper with details about the vulnerability on Tuesday.

"This is bad because the people who use PGP use it for a reason", he told the BBC. You can also disable HTML rendering in your email messages.

The researchers claim that they have disclosed their findings "responsibly" to global computer emergency readiness teams (Certs), GNU PG developers and the affected suppliers, which have applied (or are in the process of applying) countermeasures.

YOUR EMAILS could be vulnerable to interception following a discovery of a major flaw in PGP/S-MIME encryption, far and away the most popular was of protecting emails.

Related Articles

  • Oklahoma State softball makes NCAA Tournament

    Oklahoma State softball makes NCAA Tournament

    The Cougars enter with a 33-12 record and finished runner-up in the Northern Athletic Collegiate Conference (NACC) Tournament. Regional, Drake (43-10) and BYU (35-20) are joined by Albany (30-24) and the No. 1 overall team in the tournament, OR (47-7).
    The 2018 Nobel Prize For Literature Has Been Cancelled

    The 2018 Nobel Prize For Literature Has Been Cancelled

    A debate over how to face up to its flaws also divided its 18 members, who are appointed for life, into hostile camps. The Swedish Academy's annual meeting at the Stock Exchange Building in Stockholm , December 20, 2017.
    Spanish GP: Sebastian Vettel defends Ferrari pit-stop strategy

    Spanish GP: Sebastian Vettel defends Ferrari pit-stop strategy

    Azerbaijan Grand Prix star Charles Leclerc kept his name in the points-paying positions by rounding off the top ten for Sauber. Vettel gave away his position when Ferrari made a decision to go for an extra stop and give the German driver fresher tires.
  • Zverev-Thiem to pursue Masters 1000 title

    Zverev-Thiem to pursue Masters 1000 title

    Asked if he feels at that level, the German replied: 'Rafa is the favorite no matter where he plays on a clay court. Nadal defeated Stan Wawrinka in straight sets previous year to win the French Open for a record 10th time.
    Vasyl Lomachenko KO's Jorge Linares

    Vasyl Lomachenko KO's Jorge Linares

    It's the modern way to want to call someone the greatest, and Lomachenko hasn't even fought 10 full rounds as a lightweight yet. The third saw Linares score with his telling right hooks which has been the main part of his arsenal throughout his career.
    UFC 224 Results: Amanda Nunes stops Raquel Pennington in 5th round

    UFC 224 Results: Amanda Nunes stops Raquel Pennington in 5th round

    Lineker introduced his heavy hands at the midpoint of the first-round when he dropped Kelleher to the canvas with a left hook. Amanda Nunes didn't look like the same fighter who steamrolled Miesha Tate and Ronda Rousey in back-to-back 2016 fights.
  • Iran's Foreign Minister in China to rescue nuclear deal

    Iran's Foreign Minister in China to rescue nuclear deal

    Zarif is now on a tour of the countries that are the parties to the agreement on the Joint Comprehensive Plan of Action (JCPOA) to hold consultations to salvage the deal.
    Is Dubai still on Uber's radar for flying taxis?

    Is Dubai still on Uber's radar for flying taxis?

    At the most recent conference, Uber also announced an open call for the selection of its first worldwide UberAIR launch city. The ride-sharing company unveiled its latest research and plans at the second annual Uber Elevate Summit this week.
    MPC votes 7-2 to hold Bank Rate at 0.5%

    MPC votes 7-2 to hold Bank Rate at 0.5%

    The announcement comes just weeks after observers seemed nearly unanimous in their predictions of a May rise in interest rates. The inflation rates of the most import-intensive components of the CPI appear to have peaked.
  • Israel PM Benjamin Netanyahu says Iran crossed 'red line' with rocket fire

    Israel PM Benjamin Netanyahu says Iran crossed 'red line' with rocket fire

    An Israeli warplane was shot down during the battle. "We did not come to the Iranian border, they came here", he said . Last month, an attack on Syria's T4 air base in the central Homs province killed seven Iranian military personnel.
    SpaceX delays launch debut of upgraded Falcon rocket

    SpaceX delays launch debut of upgraded Falcon rocket

    Bangabandhu Satellite-1 will be deployed into a geostationary transfer orbit (GTO) approximately 33 minutes after launch. SpaceX is one of two private companies hired by NASA to ferry astronaut crews to the space station.
    Juventus defeated AC Milan and won the Italian Cup

    Juventus defeated AC Milan and won the Italian Cup

    Buffon made an early save off Patrick Cutrone minutes into the game with Costa and Paulo Dybala both testing Donnarumma. An own goal by substitute Nikola Kalinic completed a calamitous defensive display by Milan .