Wednesday, 19 December, 2018

Researchers Warn Of Critical PGP And S/MIME Email Encryption Vulnerabilities

Wayne Curry | 14 May, 2018, 20:46

Critical unpatched vulnerabilities in widely-used email encryption tools PGP and S/MIME have been discovered by a team led by Sebastian Schinzel, professor of Computer Security at the Münster University of Applied Sciences. To help users, the organization has even posted guides on how to disable PGP in Thunderbird, Outlook and Apple Mail.

If an attacker gains access to a victim's encrypted emails through methods like eavesdropping or compromising email accounts, EFAIL can be used to "abuse active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through URLs", reads the website detailing the vulnerabilities.
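A defender can check a message for the channel described in that quote before it is rendered. The following is an added example, not code from the article or the researchers: it lists every element in an HTML mail part that would make a client fetch a remote URL. The names `remote_fetches`, `RemoteContentFinder` and `build_sample`, the attribute list and the sample message are all constructed for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

# (tag, attribute) pairs that make a client fetch a URL while rendering.
# Illustrative selection, not an exhaustive list.
FETCH_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
               ("script", "src"), ("body", "background"), ("video", "poster")}
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?\s*((?:https?:)?//[^'\")\s]+)", re.I)

# Constructed sample body: four remote references and one inline cid: image.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="//cdn.example/a.css">
<style>body { background: url(http://css.example/x.png) }</style>
</head><body>
<img src="cid:logo">
<img src="http://mail.example/pixel.png?id=1">
<div style="background:url('https://img.example/bg.gif')">hi</div>
</body></html>"""

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if not value:
                continue
            if (tag, name) in FETCH_ATTRS and REMOTE.match(value):
                self.hits.append((tag, name, value.strip()))
            elif name == "style":  # inline CSS can load URLs too
                self.hits += [(tag, name, u) for u in CSS_URL.findall(value)]

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            self.hits += [("style", "css", u) for u in CSS_URL.findall(data)]

def remote_fetches(msg):
    """Return (tag, attribute, url) for each remote load in text/html parts."""
    finder = RemoteContentFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            finder.feed(part.get_payload(decode=True).decode(charset, "replace"))
    finder.close()
    return finder.hits

def build_sample():
    msg = EmailMessage()
    msg.set_content("plain text alternative")
    msg.add_alternative(SAMPLE_HTML, subtype="html")
    return msg
```

An empty result for a message means none of the listed elements would trigger a fetch; a client configured not to load remote content closes the same channel for every element type at once.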

Yet chances are good that numerous people who use OpenPGP do so via affected email clients.

The response: Some security executives say the risk exists only in email programs that don't check for decryption errors, so it's worth verifying whether yours does.

Users are advised to disable email encryption to prevent attackers from recovering past encrypted emails after the paper's publication.

While the requirement that attackers have access to previously sent e-mails is an extremely high bar, the entire objective of both PGP and S/MIME is to protect users against this possibility.


More details to come.

If you've been using PGP or S/MIME to securely send and receive sensitive emails, you'll want to stop using them right away, as a group of European researchers have found vulnerabilities in both standards.

In the short term, the researchers and the Electronic Frontier Foundation (EFF) recommend users disable PGP plugins and use non-email based messaging platforms to decrypt messages until a long-term solution is developed.

"These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community", the EFF said.

But some think the vulnerability warning is overblown. It also names Enigmail for Thunderbird, GPGTools for Apple Mail and Gpg4win for Outlook as worthy of disablement, and offers instructions on how to do so. EFF also has a write-up on this, with all the links you need if reading Twitter is not your thing. This needs to be done in three emails, with the first one opening the HTML tag, the second one containing the encrypted message, and the third closing the HTML tag. And many corporate email services employ S/MIME.

Professor Schinzel is a member of a research team consisting of a long list of respected security researchers, and which has been responsible for uncovering a number of cryptographic vulnerabilities.
