There's a vulnerability in common forms of email encryption

15 May, 2018, 16:20 | Author: Yolanda Murray
  • Computer encryption

Security researchers are warning anyone who uses PGP (Pretty Good Privacy) or S/MIME for email encryption to disable the scheme in their email clients right away, and to uninstall tools that automatically decrypt PGP-encrypted email, due to a security flaw. It is recommended to disable PGP plugins in your email client of choice until there is more information about the vulnerability and a fix is being determined for the issue.

The second attack involves attackers being able to use their knowledge of parts of an email to crack its encryption. The potential for compromised communications increases if the email is part of a group conversation, as the attacker only needs to target one person in the chain to pull off the decryption.

It is probably safe to assume that once more details about the vulnerability are disclosed, the enthusiastic open source PGP community will work hard to patch the problem in as short a time as possible.

Unfortunately, these apps that offer better security than email are all quick messaging platforms, which means you don't get all the features and organization you've grown accustomed to with Apple Mail, Outlook, or Thunderbird. Users can employ PGP-compatible email clients themselves, and many secure webmail clients also make use of PGP.

Aston Martin DB11 gets more power with the AMR flagship
Power from the DB11's 5.2-litre twin-turbo V12 is up by 30hp to 640hp while torque remains unchanged at 516lb ft. On sale now, the standard DB11 AMR is priced from £174,995, a jump of £17,095 over the outgoing DB11 V12.

"They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past", researchers said.

Attackers need to send emails as specially crafted HTML messages that contain the code required to exfiltrate decoded text from vulnerable programs.

Ultimately, if you don't use PGP or S/MIME for email encryption, then there's nothing to worry about.

In other words, once hackers gain access to your emails, they can use the HTML tags in your emails to prompt mail clients to erroneously decrypt those emails in a way that hackers can access.

Somehow, none of Brad Stevens' peers voted him as NBA's best coach
This Coach of the Year Award is separate from the Red Auerbach Coach of the Year Award, which is voted on by the media. So while they may believe multiple coaches are worthy, there's only one option.

In the USA, the Electronic Frontier Foundation, which has relied on PGP extensively to secure its own email communications, recommended that users uninstall or disable their PGP email plug-in, citing the severity of the vulnerabilities.

Short Term: Disable HTML rendering in the email client for all email messages.

Indeed, El Reg recommends opening PGP-encrypted emails in a text editor on a secured virtual machine, host, or container, depending on your level of paranoia, rather than allow encrypted HTML messages to be parsed and rendered.

A modified encrypted email sent by the attacker to the victim is decrypted by their email client.

Juventus rout AC Milan to win Coppa Italia
After the final whistle, Milan captain Leonardo Bonucci and Juventus counterpart Gianluigi Buffon attempted to console Donnarumma. Milan have returned to form of late, winning back to back games after meeting Bologna and Verona.

The researchers have called for the MIME, S/MIME and OpenPGP standards to be updated, saying the Efail attacks exploit flaws and undefined behaviour in these standards.

Recommended:

  • Donald Trump says working with Xi Jinping to save telecom giant ZTE

    Donald Trump says working with Xi Jinping to save telecom giant ZTE

    The firm's products depended on American chips and other components and is unable to continue operating without key supplies. Last week, the company said that its earnings have surged, reporting a 39 percent jump in net income for the first quarter.
    Catalan lawmakers step closer to picking new regional leader

    Catalan lawmakers step closer to picking new regional leader

    He proposed political newcomer Quim Torra as his successor, urging the next regional executive to build an independent country. Catalonia has been in political limbo since December past year when pro-independence parties won early elections.
    Walmart, Sam's Club tightening opioid prescription policies

    Walmart, Sam's Club tightening opioid prescription policies

    The pharmacy will also provide naloxone recommendations for certain patients. One possible pharmacy that could do this is Walgreens.
  • White House launches new AI effort

    White House launches new AI effort

    Dean Garfield, CEO of the Information Technology Industry Council, says it's been disappointing not to have more of a national movement around AI.
    'Avengers: Infinity War' Crosses $500 Million At Domestic Box Office

    'Avengers: Infinity War' Crosses $500 Million At Domestic Box Office

    A lot of people suggested him to watch all the films in Marvel Cinematic Universe to understand Infinity War . Another new film, " Breaking In ", a thriller starring Gabrielle Union , was third at $16.8 million.
    It stays on the field - Noble calms Pogba pitch spat

    It stays on the field - Noble calms Pogba pitch spat

    United manager Jose Mourinho thought the referee got it right on the night, telling reporters: "It was handled well". Moyes signed a deal until the end of the season, tasked with keeping the Hammers in the Premier League.
  • SC to reiterate name, but later

    SC to reiterate name, but later

    The Supreme Court Collegium meeting of Friday (May 11) threw up a solution of sorts, nearly exactly as India Legal had predicted. Justice K M Joseph's name was recommended along with that of senior advocate Indu Malhotra by the collegium on January 10.
    Homeland Security Chief Was Close To Resigning After Trump Tirade

    Homeland Security Chief Was Close To Resigning After Trump Tirade

    Following the release of the report , Nielsen said in a statement that Trump "is rightly frustrated" on border security issues . Trump's tirade went on so long that many present began fidgeting in their seats and flashing grimaces, White House aides said.
    Mets undercut 1st-inning rally by batting out of order

    Mets undercut 1st-inning rally by batting out of order

    For what it's worth, the Mets have been giving each of Cabrera and Flores at-bats in the second and third spots all year long. The Mets have nowhere to go but up for the rest of the game, right? Harvey will join the Reds later this week in Los Angeles.
  • Chocolate floods highway in Poland after truck crashes

    Chocolate floods highway in Poland after truck crashes

    The truck appeared to overturn after colliding with a traffic barrier, causing thick sugary liquid to coat Poland's A2 motorway. This left the firefighters puzzled as they didn't know how to clean up tons of melted chocolate?
    President Trump tweets 5 key ISIS leaders captured

    President Trump tweets 5 key ISIS leaders captured

    Five senior Islamic State (ISIS) leaders have been captured in a sting operation orchestrated by American and Iraqi intelligence. The arrest is a significant blow to Daesh & demonstrates close coordination between #ISF & #SDF in their fight to #defeatDaesh .
    Khloe Kardashian doesn't mention Tristan Thompson in tweet about True

    Khloe Kardashian doesn't mention Tristan Thompson in tweet about True

    With two children at 27, Tristan isn't looking to slow the Thompson line. Stop crying, '" he explained. "With a boy, it's just like, "Hey, man".


Popular

Ohio State Softball Receives Bid To Gainesville Region of NCAA Tournament
The Cougars enter with a 33-12 record and finished runner-up in the Northern Athletic Collegiate Conference (NACC) Tournament. The Gamecocks (45-14) were chosen as an NCAA regional host and will be a No. 1 seed for the first time since 2002.

Got the signature: Queen approves of Harry's marriage
And she gave her permission for them to Wednesday at St George's Chapel at Windsor Castle on Saturday, May 19 . Vellum is only used for extremely important State documents since it's a very old school form of parchment.

Google Duplex AI takes tech world by storm
Google has not yet decided how to handle the disclosures to let people know that they are talking to an AI-powered system. Google showcased its plans for the next several months as it kicked off its annual developers' conference Tuesday .

Allow exchange of demonetised notes at earliest: KP Oli to PM Modi
Nepalese Prime Minister KP Sharma Oli welcomed PM Modi upon his arrival at the temple complex. Janakpur sub-metropolis Mayor Lal Kishor Sah was also present during the felicitation.

Rockets built to beat Warriors, but defending champs take talks in stride
When a team plays against Boston, they are playing against Celtic pride and history, which makes them such tough competitors. This is only the third Golden State-Houston playoff meeting, and all have come in the last four seasons.

Is Nawaz Sharif guilty of laundering $4.9 billion to India?
Accountability is not a crime, if it is, then we are doing it for the country's progress. He has also been disqualified from holding public office for life.

Monster Hunter Generations Ultimate coming to Switch this August
By linking both versions of the game online, you can then download the data onto your Switch and continue your adventure there. Take on the role of a courageous hunter on an adrenaline fuelled adventure challenging larger than life beasts.

Facebook to block foreign ads in Irish abortion referendum
Facebook explained that the move was created to protect the integrity of elections and referendums from "undue influence". As for who is paying for those ads, said Sheridan, "the only people who know that for certain are Facebook themselves".

Esteban Chaves wins stage six at Mount Etna
Yates had begun the day in third place, 17 seconds behind race leader Rohan Dennis , who laboured on the twisty Etna climb. On Thursday, Chaves dedicated his stage victory to the memory of Casas, whose name is inscribed on his shoes.

104-year-old scientist ends life listening to 'Ode to Joy'
Australian biologist David Goodall was declared dead at 12.30pm on Thursday, Exit International director Philipp Nitschke said. The British-born ecologist, 104, had travelled to the Swiss clinic from his home in Australia, where euthanasia is forbidden.