Science

Critical PGP vulnerability could reveal text of your encrypted business emails

Critical PGP vulnerability could reveal text of your encrypted business emails”

German researchers have found a major vulnerability in PGP (Pretty Good Privacy), a popular email encryption program, which could reveal past and present encrypted emails. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available. Users of the said software have been advised to immediately disable it in email clients.

Electronic Frontier Foundation (EFF) has said it has confirmed a set of vulnerabilities that have the potential to reveal the contents of email previously thought to be encrypted with PGP.

"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email", the EFF's post said.

S/MIME - which is primarily used by corporations to protect the security of their emails - was described as irreparably broken.

Researchers promised to publish more details tomorrow, Tuesday, May 15. It also name dEnigmail for Thunderbird, GPGTools for Apple Mail and Gpg4win for Outlook as worthy of disablement, and offers instructions on how to do so.

More particularly, the attacks use specially crafted HTML emails that exploit bugs in the way PGP is implemented in some email programs. As a more extreme measure, you could remove the PGP keys from the mail client entirely, preventing the app from any decrypting encoded strings. It's this variety that attackers use to ambush users of OpenPGP and S/Mime by sending a slightly modified S/Mime email to the victim's address.

PGP is used by activists, journalists and whistleblowers, including Edward Snowden, who revealed details of pervasive electronic surveillance by USA intelligence agencies before fleeing to Russian Federation.

Germany's Federal Office for Information Security (BSI) put out a statement saying there were risks that attackers could secure access to emails in plaintext once the recipient had decrypted them.

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient.

But it said that, correctly used and configured, both forms of encryption remained secure.



Like this

loading...
loading...

Latest


14 May 2018
OPEC raises global oil demand outlook for 2018
This might mean that by the end of the year, the United States will be the world's largest producer of oil. On Monday, however, markets were held in check by news of a rise in USA drilling for new oil production.

14 May 2018
Samsung Galaxy A8 Star, Galaxy S8 Lite to launch soon
Only this time the sensor will be placed below the camera module unlike Note 8 that had its scanner put beside the camera module. Samsung Galaxy A8 Star is rumoured to feature a 6.28-inch Super AMOLED display with a resolution of 1080 x 2220 pixels.

14 May 2018
Mancini to leave Zenit ahead of anticipated Italy appointment
Claudio Ranieri, now with French club Nantes, had also previously been mentioned in connection with the job. Zenit St Petersburg have announced that head coach Roberto Mancini will be leaving the club.

14 May 2018
NES Classic Edition will return to stores this June
The NES Classic was originally launched back in November of 2016 and it was immediately sold out. The new shipment of NES Classic consoles will be hitting store shelves on June 29th, 2018.

14 May 2018
Tiger Woods shoots 65, his lowest score at TPC Sawgrass
He was in third place, nine shots behind and figured all he could do Sunday was go as low as he could and see where it led. I was 14 back starting today and anything inside a top 10 is an incredible feat over the weekend from that far back.

14 May 2018
Analysts Ratings for Banco Bradesco SA (BBD)
When we look at the Volatility of the company, Week Volatility is at 2.24% whereas Month Volatility is at 2.41%. Analysts have placed a $11.02 price target on Banco Bradesco S.A., suggesting a 17.11% gain from recent close.

14 May 2018
Nawaz Sharif Admits Pakistani Terrorists Carried Out 26/11 Mumbai Attacks
He also advised Nawaz to take a briefing to mark difference between "state actors and non-state actors". The opposition leader said Nawaz Sharif had relations with incumbent government.

14 May 2018
Warriors vs. Rockets in Game 1 of NBA Playoffs
We're going to go in here knowing we're the defending champs, knowing we've got a couple championships here the last few years. They feel like, 'OK, we don't have home court for the first time, ' but we seem to be at our best when we are threatened.

14 May 2018
Pep Guardiola would let Mikel Arteta leave Manchester City for Arsenal
Yet when the prospect of managing another Premier League club against Arsenal was raised, Wenger said that scenario was unlikely. Former Arsenal winger Jose Antonio Reyes says outgoing manager Arsene Wenger leaves a legacy that will be hard to match.

14 May 2018
City beat Southampton to end season with 100 points
Forward Wilfried Zaha and full-back Patrick van Aanholt scored in the second half as the Eagles finished 11th. The Saints had a poor season in contrast as they secured Premiership survival on the last day of the season.