Science

Researchers Warn Of Critical PGP And S/MIME Email Encryption Vulnerabilities

Researchers Warn Of Critical PGP And S/MIME Email Encryption Vulnerabilities

The Electronic Frontier Foundation (EFF) recently claimed that the encryption bug posed "an immediate risk" to PGP and S/Mime users, and that even ancient messages buried deep inside elaborately named folders are in danger.

After breaking the news on Twitter on Sunday night he added: "There are now no reliable fixes for the vulnerability".

"EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs". It will be safer for the users to switch to services like Signal, the massaging app backed by WhatsApp co-founder Brian Acton.

The group of researchers plan to publish their research paper with details about the vulnerability on Tuesday.

It is, for example, not enough to deter attacks by "nation state actors, large-scale breaches of email servers, revealing millions of email messages, or attackers compromising email accounts", they explain.

So clients like Apple Mail, iOS Mail and Mozilla Thunderbird would view the emails as HTML instead of an encrypted message, and display it as one plaintext email instead of three hashed messages.

Also, Robert Graham at Errata Security, examined the flaws and came away with a different take: "It only works if you've enabled your email client to automatically grab external/remote content", he said in a post.

PENCE TO MUELLER: It's Time to 'WRAP IT UP'
When Mike Pence came to Washington with Donald Trump he must have left his conscience and whatever integrity he may have had back home in Indiana.

Though researchers are warning users of the seriousness of the vulnerability, many believe it is being hyped too much. In other words, they can break the security measure and reveal the private contents of users' emails. (S/MIME is more typically used to protect corporate emails, which means its use is up to the IT department, not individual workers.) We're still in the "knee-jerk reaction" phase of the response cycle. However, it's important to note that the PGP (Pretty Good Privacy) flaw isn't in the core protocol of PGP, reports the BBC.

The new vulnerability is called EFAIL.

Mikko Hypponen of F-Secure, a cyber security firm, said: "This is bad because the people who use PGP use it for a reason, people don't use it for fun - people who use it have real secrets, like business secrets or confidential things".

In an era when email hacks are a very real and common personal security threat, encryption is a way to ensure prying eyes don't spy on your digital correspondence.

"You can think of it as a black box", Strukov says.

The researchers claim that they have disclosed their findings "responsibly" to worldwide computer emergency readiness teams (Certs), GNU PG developers and the affected suppliers, which have applied (or are in the process of applying) countermeasures.


  • China is conducting trials of an aircraft carrier of its own design

    China is conducting trials of an aircraft carrier of its own design

    China's state media says the country's first domestically-built aircraft carrier has started sea performance tests. It is China's second aircraft carrier following the purchase of the Soviet-built Liaoning from Ukraine in 1998.
    Sanders: Aide's McCain comment shouldn't have been leaked

    Sanders: Aide's McCain comment shouldn't have been leaked

    The White House later commended McCain's service to his country, but refused to address the aide's comment when pressed Friday. McCain, a Navy pilot who was beaten in captivity during the Vietnam War , has urged his fellow senators to reject Haspel.
    Trump Says Drug Ads Should Reveal Costs

    Trump Says Drug Ads Should Reveal Costs

    Health Secretary Alex Azar said the Food and Drug Administration would immediately examine requiring that information in TV ads. Drug companies spent $229 million on lobbying since the beginning of 2017, according to the Center for Responsive Politics.
  • Nobel Prize for literature postponed in wake of sex scandal

    Nobel Prize for literature postponed in wake of sex scandal

    Arnault has subsequently also been accused of leaking the names of winners of the Nobel Prize in Literature ahead of time . The Swedish Academy said on Friday that it will not name the victor of this year's Nobel Literature Prize .
    Weekend weather may make way for Mother's Day activities

    Weekend weather may make way for Mother's Day activities

    The chance for showers and storms will continue through the week, with another spike in temperatures through Wednesday . This lead to sun-filled skies, which in turn allowed temperatures to climb into the seasonably mild low to mid 70s.
    Eurovision Has Blocked China From Watching This Year's Contest

    Eurovision Has Blocked China From Watching This Year's Contest

    There has also been a crackdown on tattoos, with media regulators censoring actors who are inked. Rainbow flags seen in the audience during Switzerland's performance were also blurred out.
  • Israeli missiles shot down in Syria

    Israeli missiles shot down in Syria

    Iran appeared determined not to be drawn into a wider regional conflict with Israel during the sensitive negotiations. For years, Iranian proxies have attacked Israel, but this time , Israel is directly blaming Iran for the attack.

    Indiana Voters Pick Republican Mike Braun To Take On Sen. Joe Donnelly

    Rokita donned Trump's signature "Make America Great Again" hat in his ads and campaigned with the slogan "Defeat the Elite". With few major policy differences, the candidates ran bitter campaigns by arguing who's the strongest Trump supporter.
    Narendra Modi congratulates Mahathir Mohamad for swearing-in as Malaysian PM

    Narendra Modi congratulates Mahathir Mohamad for swearing-in as Malaysian PM

    Dr Mahathir said that Pakatan would immediately begin the process of getting Anwar's pardon formalized. Najib may be remembered most for the scandal over 1MDB, whose advisory board he chaired until 2016.
  • Houston Rockets vs. Golden State Warriors - 5/16/18 NBA Pick, Odds, and Prediction

    Houston Rockets vs. Golden State Warriors - 5/16/18 NBA Pick, Odds, and Prediction

    Draymond Green on getting the technical so early: "I was a bit overzealous, a bit amped up, but I'd rather that any day than coming out flat".
    At least two dead, 13 injured in Indonesia church attacks

    At least two dead, 13 injured in Indonesia church attacks

    Hundreds of Indonesians have flocked to fight with IS, sparking fears that extremist outfits could get a new lease on life. He said two police officers were among a total of 40 wounded.
    Hawaii residents shaken by tremors, brace for new lava outbreaks

    Hawaii residents shaken by tremors, brace for new lava outbreaks

    Lava flows from the volcano, one of five on the island, have buried an area about 125 square kilometers, according to the USGS. On May 3, the Kilauea volcano erupted forcing almost 2,000 people out of their homes and destroying dozens of buildings.