Popular encrypted email standards are unsafe

PGP is leaking your emails in plaintext and there's no known fix

PGP is leaking plain text versions of your emails and there's no known fix

European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately. The vulnerabilities, dubbed EFAIL, were first mentioned by the EFF on Sunday.

Researchers promised to publish more details tomorrow, Tuesday, May 15.

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today.

Kerala: Malappuram child abuser had protested Kathua girl's rape, murder!
The commission also demanded stern action against the police officials who were lax in carrying out their duty. The theatre management who checked the footage passed it to Childline, an NGO that works for kids in distress.

He said attacks exploiting the vulnerabilities can be mitigated if users eschew HTML emails, or at least if they read them using a "proper MIME parser and disallow any access to external links".

"Malleability of these two encryption modes is well-known and has been exploited in many attacks on network protocols like TLS, IPsec, or SSH, but it has not been exploited in plaintext-recovery attacks on email standards", the researchers wrote. The victim's email client then decrypts the email and loads any external content, thereby allowing the attacker to view the message. The attacks assume that an attacker has possession of the encrypted e-mails and can trick either the original sender or one of the recipients to open an invisible snippet of one of the intercepted messages in a new e-mail.

PGP and S/MIME have flaws that could be exploited to decrypt any incoming or outgoing communication. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available.

West Bengal Panchayat Elections: Voting starts under tight security
Reports of violence were received from North 24 Parganas, Burdwan, Coochbehar and South 24 Parganas districts, they said. The Opposition charged the state police and SEC officials of woking on behest of the ruling TMC.

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers.

PGP, for example, works using an algorithm to generate a "hash", or mathematical summary, of a user's name and other information.

According to the researchers, users, for the time being, should stay away from plugins for email clients like Microsoft Outlook and Apple Mail as these services automatically encrypt and decrypt emails.

Overwatch Anniversary Event Officially Announced
You can also access over 50 new cosmetic items, including eight legendary skins and three new epic skins, and new dance emotes. Overwatch's anniversary event starts on May 22 and runs until June 12.

Beyond short term mitigations, there are longer term efforts that will need to happen in order to fully secure S/MIME and OpenPGP based email encryption as well. The developer of NeoPG noted on Twitter that "The OpenPGP working group at the IETF, which was on the way to address some of the issues, was closed in November due to lack of progress".

Latest News