Popular encrypted email standards are unsafe



European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately. The vulnerabilities, dubbed EFAIL, were first mentioned by the EFF on Sunday.

Researchers promised to publish more details tomorrow, Tuesday, May 15.

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today.

Mercedes-AMG GT S now available as roadster
The Dynamic Plus package is the one that aids the car's dynamics, and includes options such as rear axle steering. Power transmission duties are taken care of by a 7-speed dual clutch automatic gearbox.

He said attacks exploiting the vulnerabilities can be mitigated if users eschew HTML emails, or at least if they read them using a "proper MIME parser and disallow any access to external links".

"Malleability of these two encryption modes is well-known and has been exploited in many attacks on network protocols like TLS, IPsec, or SSH, but it has not been exploited in plaintext-recovery attacks on email standards", the researchers wrote. The victim's email client then decrypts the email and loads any external content, thereby allowing the attacker to view the message. The attacks assume that an attacker has possession of the encrypted e-mails and can trick either the original sender or one of the recipients to open an invisible snippet of one of the intercepted messages in a new e-mail.

PGP and S/MIME have flaws that could be exploited to decrypt any incoming or outgoing communication. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available.

After China, Russia also backs Iran on nuclear deal
The 2015 agreement sought to curb Iran's nuclear programme in return for the lifting of economic sanctions. Media captionAnalysis: What's next for the Iran deal?

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers.

PGP, for example, works using an algorithm to generate a "hash", or mathematical summary, of a user's name and other information.

According to the researchers, users, for the time being, should stay away from plugins for email clients like Microsoft Outlook and Apple Mail as these services automatically encrypt and decrypt emails.

Overwatch Anniversary Event Officially Announced
You can also access over 50 new cosmetic items, including eight legendary skins and three new epic skins, and new dance emotes. Overwatch's anniversary event starts on May 22 and runs until June 12.

Beyond short term mitigations, there are longer term efforts that will need to happen in order to fully secure S/MIME and OpenPGP based email encryption as well. The developer of NeoPG noted on Twitter that "The OpenPGP working group at the IETF, which was on the way to address some of the issues, was closed in November due to lack of progress".

Latest News