Security researchers discover critical flaw in PGP encryption that reveals plaintext

Security researchers have discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past.

The flaw works when an attacker already has access to a victim's encrypted emails.

EFAIL requires that the attacker has managed to gain access to encrypted emails and that the target runs client software that is vulnerable to one of the two available attack types. The flaw reportedly affects both sent and received messages, including past correspondence.

The vulnerabilities in PGP and S/MIME standards pose an "immediate risk" to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation, a US digital rights group.

The security flaws that have been discovered could potentially leak the contents of the encrypted messages you send and receive via email when signed with PGP or S/MIME encryption methods. You can also disable HTML rendering in your email messages.

Professor Schinzel is a member of a research team made up of a long list of respected security researchers, which has been responsible for uncovering a number of cryptographic vulnerabilities. The researchers also call for an update to the OpenPGP and S/MIME standards, so that the vulnerabilities can be closed.

"It's a serious risk if you rely on PGP and S/MIME for email security which most organisations use".


"In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs", researchers explained.
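A defender-side check for the condition the researchers describe, as an added example that is not from the article or the EFAIL researchers: it flags a message that carries PGP or S/MIME content together with HTML that loads remote images or styles. The function names, the sample message and the `example.invalid` hosts are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Markup that makes a mail client fetch a remote URL when the message is shown.
# Regexes run over the raw markup, so malformed HTML is still inspected.
URL = r"""["']?\s*((?:https?:)?//[^\s"'>)]+)"""
REMOTE_PATTERNS = [
    re.compile(r"\b(?:src|background|poster)\s*=\s*" + URL, re.I),  # images, media
    re.compile(r"<link\b[^>]*?\bhref\s*=\s*" + URL, re.I),          # stylesheets
    re.compile(r"url\(\s*" + URL, re.I),                            # CSS url()
]
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted",
                   "application/pkcs7-mime", "application/x-pkcs7-mime"}
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def remote_refs(html):
    """Return every remote URL the HTML would load (plain <a> links excluded)."""
    return [m.group(1) for p in REMOTE_PATTERNS for m in p.finditer(html)]

def audit(raw):
    """Flag a message that carries encrypted content and remote-loading HTML."""
    msg = message_from_string(raw, policy=policy.default)
    encrypted, refs = False, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            encrypted = True
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        encrypted = encrypted or PGP_ARMOR in body  # inline PGP in a text part
        if ctype == "text/html":
            refs += remote_refs(body)
    return {"encrypted": encrypted, "remote_refs": refs,
            "flag": encrypted and bool(refs)}

def sample(text, html=None):
    """Build a constructed test message (contains no real ciphertext)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(text)
    if html:
        m.add_alternative(html, subtype="html")
    return m.as_string()

ARMOR = PGP_ARMOR + "\n\n(placeholder, not real ciphertext)\n-----END PGP MESSAGE-----\n"
HTML = ('<body style="background:url(//cdn.example.invalid/bg.png)">'
        '<img src="http://img.example.invalid/logo.png">'
        '<a href="https://example.invalid/">link</a></body>')
```

A flagged message is a candidate for quarantine or for display with remote content blocked; the check does not decide on its own that a message is hostile.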

The EFF's report only indicated that a vulnerability existed, and that users should disable PGP plugins in their mail clients until patches are deployed. The new e-mail would embed portions of the ciphertext in places that often aren't displayed by Thunderbird, Mail, Outlook, and more than two dozen other e-mail programs.

On a website dedicated to the flaw, researchers laid out how attacks would be carried out inside email clients through various code loopholes.

The second attack involves attackers being able to use their knowledge of parts of an email to crack its encryption.

However, Werner Koch, free software developer and author of the GNU Privacy Guard, posted information on Monday which claims the warnings from EFF are "pretty overblown".

Whistle-blowers, political activists and others who depend on encrypted email could all be compromised by the bug, the researchers said in a blog post. "In 2018, businesses must re-evaluate how they communicate, opting to phase out email for secure communications solutions that are open-source, independently audited and end-to-end encrypted".
