'Efail' can expose old email content that was encrypted

Written by  May 13, 2018

Long-overlooked software flaws in popular email clients can be exploited under certain conditions to access email content even when it is protected by the PGP or S/MIME standards, according to new research.

The research, dubbed “efail,” explains how it’s possible to exploit buggy email platforms, particularly in the way PGP is integrated into the platform. It does not show how to “break” the actual encryption protocol supporting PGP, short for “pretty good privacy.”

Sebastian Schinzel, who co-authored the research, urged people to disable PGP or S/MIME in their email client until a fix can be issued.

There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: https://t.co/zJh2YHhE5q #efail 2/4

— Sebastian Schinzel (@seecurity) May 14, 2018

The research is focused on how popular HTML-based email platforms — like Mozilla’s Thunderbird, Apple’s Mail, and Microsoft Outlook — continue to mishandle specific, internal configurations within email. In practice, an attacker could leverage these issues to redirect components of an encrypted message decrypted by the email client towards their own server, revealing the actual plaintext behind the targeted e-mail. 

Researchers were careful to state Monday that an attacker has to already have access to a person’s email account in order for the exploit to work.

On a website dedicated to the flaw, researchers laid out how attacks would be carried out inside email clients through various code loopholes.

In the short term, researchers call for users to disable HTML rendering and avoid decrypting emails in an email client. However, they also call for an update to the OpenPGP and S/MIME standards, so the vulnerabilities can be closed.
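
A mail gateway or triage script can apply the short-term advice mechanically by flagging any message that carries PGP or S/MIME ciphertext alongside HTML that loads remote resources. The following is an added example, not code from the researchers or this article; the content-type list, the regex heuristic and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumed list of content types that mark S/MIME or PGP/MIME encrypted bodies.
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted",
                   "application/pkcs7-mime", "application/x-pkcs7-mime"}
# Heuristic: HTML attributes that can make a client fetch a remote URL on render.
REMOTE_REF = re.compile(
    r"""(?:src|href|background)\s*=\s*["']?\s*(https?://[^\s"'>]+)""", re.I)

# Constructed sample: an HTML part with a remote image next to an S/MIME part.
SAMPLE = """\
From: a@example.org
To: b@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Hello</p><img src="http://collector.example/logo.png">
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""


def audit_message(raw: str) -> dict:
    """Report encrypted parts and remote references in the HTML parts of a message."""
    msg = message_from_string(raw, policy=policy.default)
    encrypted, remote_urls = False, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            encrypted = True
        elif ctype == "text/plain" and "-----BEGIN PGP MESSAGE-----" in part.get_content():
            encrypted = True  # inline (ASCII-armored) PGP body
        elif ctype == "text/html":
            remote_urls += REMOTE_REF.findall(part.get_content())
    # Hold the message only when ciphertext and remote-loading HTML coexist.
    return {"encrypted": encrypted, "remote_urls": remote_urls,
            "quarantine": encrypted and bool(remote_urls)}


if __name__ == "__main__":
    print(audit_message(SAMPLE))
```

A message that trips `quarantine` is a candidate for viewing as plain text or decrypting outside the mail client, in line with the researchers' interim advice.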
