Security researchers discover critical flaw in PGP encryption that reveals plaintext

They've discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past.

The flaw works when an attacker already has access to a victim's encrypted emails.

EFAIL requires that the attacker managed to gain access to encrypted emails and that the target runs client software that is vulnerable to one of the two available attack types. The flaw, named EFAIL, reportedly affects both sent and received messages, including past correspondence.

The vulnerabilities in PGP and S/MIME standards pose an "immediate risk" to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation, a US digital rights group.

The security flaws that have been discovered could potentially leak the contents of the encrypted messages you send and receive via email when signed with PGP or S/MIME encryption methods. You can also disable HTML rendering in your email messages.

Professor Schinzel is a member of a research team consisting of a long list of respected security researchers, and which has been responsible for uncovering a number of cryptographic vulnerabilities. However, they also call for an updated to OpenPGP and S/MIME standards, so the vulnerabilities can be closed.

"It's a serious risk if you rely on PGP and S/MIME for email security which most organisations use".

Nadal's clay court streak ends; Federer set for return to No. 1
Only Novak Djokovic, Gaston Gaudio, and now Thiem have beaten Nadal at least three times on the slow stuff. With the loss to Thiem, Roger Federer will take over as the world No. 1.


"In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs", researchers explained.

The EFF's report only indicated that a vulnerability existed, and that users should disable PGP plugins in their mail clients until patches are deployed. The new e-mail would embed portions of the cipertext in places that often aren't displayed by Thunderbird, Mail, Outlook, and more than two-dozen other e-mail programs.

On a website dedicated to the flaw, researchers laid out how attacks would be carried out inside email clients through various code loopholes.

The second attack involves attackers being able to use their knowledge of parts of an email to crack its encryption.

However, Werner Koch, free software developer and author of the GNU Privacy Guard, posted information on Monday which claims the warnings from EFF are "pretty overblown".

Whistle-blowers, political activists and others who depend on encrypted email could all be compromised by the bug, the researchers said in a blog post. "In 2018, businesses must re-evaluate how they communicate, opting to phase out email for secure communications solutions that are open-source, independently audited and end-to-end encrypted".

(Copyright © 2015. All Rights Reserved.)
 
Recommended

Game 1 in 60 seconds: Fans agree Rockets must stop Kevin Durant
The Rockets stretched the lead to 21-15 on a Clint Capela dunk after the Warriors were caught scrambling defensively. Golden State also had 18 fastbreak points as against Houston's paltry three-point output in their transition attack.

Manyonga soars in Shanghai
The men's 800m produced a breakthrough victory for another young Kenyan, Wycliffe Kinyamal, in a meeting record of 1:43.91. South Africa's long jump sensation Luvo Manyonga proved too strong for the rest of the field in Shanghai on Saturday.

Apple Macbook Pro Keyboard Defect Lawsuit Investigation
Plaintiffs complain that when debris or dust reaches a key, it causes the keyboard to become unresponsive to keystrokes. It continues saying 'When the MacBook's butterfly keyboard fails, the keys stick and no longer register keystrokes.

Jamaal Lascelles: Newcastle must do everything to keep Rafa Benitez
But still without a call-up, and with Southgate's squad announced on Wednesday, Lascelles accepts the manager has his chosen defenders.

UAE Makes History in Indian Oil
A sharp drop in crude prices since mid-2014 has forced the oil industry to cut costs and look for ways to boost efficiency. The facility is expected to have a production capacity of 150,000 tons per year of LAB upon completion.

Theresa May Splits Cabinet To Seek Brexit Solution
May, however, warned that there will "be compromises", but vowed that she "will not let you down". The EU has expressed doubts about whether either option would work.

19 people killed in clash between Myanmar army, ethnic rebels, says Military
Reverend Hkalam Samsun, chairman of the Kachin Baptist Convention, said the Kachin people were "disappointed" with Suu Kyi. Suspected ethnic minority insurgents have launched attacks in eastern Myanmar, leaving 19 people dead and 29 wounded.

WC9 Asteroid Will Whiz Close To Earth On May 15th
But, persons wishing to see the asteroid can tune in to Slooh, the astronomy broadcasting service beginning at 4 pm Alaska time. The 2018 GE3 asteroid was discovered just one day before it skimmed past Earth in what scientists called a "surprise" flyby.

Santa Barbara District Attorney Files Murder Charges Against Golden State Killer
The charges also special circumstances of murder during the commission of rape and burglary, as well as the use of a firearm. DeAngelo already faces charges in Sacramento, Orange and Ventura counties, where he allegedly terrorized victims for years.

Iranian FM Zarif In Moscow To Meet Lavrov On Nuclear Deal
On Sunday US Secretary of State Mike Pompeo said Washington still wants to work with Europe to counter Iran's "malign behavior". The U.S. decision reignited the danger of economic crisis for Iran, which is now at the center of Tehran's diplomatic efforts.

VIRAL: Officer puts man in chokehold inside Waffle House after prom
It is unclear whether the officer, who has not been identified, remains on duty while police investigate his use of force. According to ABC 11 , Anthony Wall was at the Waffle House on May 5 after escorting his 16-year-old sister to prom.

Maddie Poppe sings "God Only Knows" on American Idol 2018 Top 5
Lionel begged people to vote for Maddie, and Katy gushed about how the singer had done such a wonderful song justice. The field will be narrowed to the top 3 for a two-night finale to be aired on ABC on May 20 and 21 on KCRG.

Chennai Super Kings vs Sunrisers Hyderabad
Not only was the 123-run stand broken, but Hyderabad also slipped to 141 for 3 in the 17th over, with two new batsmen in. Sunrisers Hyderabad , on the other hand, have had a near-perfect run in IPL 2018, thanks largely to their bowling attack.

Alonso: Top teams still in "another league" to McLaren
While it is still some distance back on Mercedes, Ferrari and Red Bull, Alonso at least was able to crack the top 10. But McLaren team boss Zak Brown appears confident of retaining Alonso as part of his F1 set-up.

Iraqi air force destroys Islamic State command center in Syria
Sadr leads the al-Sairoon Coalition (The Marchers) that brings together his Sadrist Movement and the Iraqi Communist Party . A Pentagon spokesman told Eric Pahon that the USA government does not support any particular Iraqi candidate or party.


More News

News
More News