undergroundnewsroom.com
undergroundnewsroom.com May 27, 2018


PGP Email has Critical Flaw

15 May 2018, 04:19 | Clyde Nash

Uninstall PGP: EFF warns of exploit that may reveal plaintext of encrypted emails

PSA PGP and S  MIME are broken and leaking encrypted emails – stop using them right now

The new critical vulnerability is dubbed as EFAIL, and the researchers say that there is no permanent fix available now.

The second vulnerability partially incorporates the first, and relies on an attacker being able to guess parts of the encrypted communication, which is generally possible due to the nature of the protocol involved. "In 2018, businesses must re-evaluate how they communicate, opting to phase out email for secure communications solutions that are open-source, independently audited and end-to-end encrypted".

"This vulnerability might be used to decrypt the contents of encrypted emails sent in the past".

Asking his online community if any of the members use PGP, responses ranged from "LOL, no" to "Most don't even know what that is" to a member saying he set up PGP, but no client has ever wanted to use the encryption option.

After the embargo on releasing details about the vulnerability was lifted, Mr Schinzel and colleagues published their research revealing how the attack on PGP emails worked. Attacks using the EFAIL vulnerability take advantage of "active content" in HTML emails, such as externally loaded graphics, to extract the plain text through those requested URLs.

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today.

Moyes unsure on West Ham future
But since the moment we felt it was impossible to finish first we had the target to finish second and it is done on Thursday. A lackluster United display was reflected in Pogba again failing to take control of the game.

Meghan Markle's wedding dress is complete but there's one problem
Recall, the half-brother of Megan Markle wrote a letter to Prince Harry with the request "not to marry Megan". Her mother will ride with her to St George's Chapel while her father will walk her down the aisle .

Brad Stevens Says He's Not the Coach of the Year
An NBA coach even stated that Stevens should have gotten at least one vote, but guess what, the coach didn't vote for him either. Yet, Boston won 55 games during the regular season and increased its win total for the fifth consecutive season under Stevens.

Cybersecurity experts in Europe have identified flaws in the popular PGP and S/MIME email encryption standards that could expose plaintext versions of encrypted messages to hackers. "If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now".

A team of nine academics is warning the world about a critical vulnerability in the OpenPGP and S/MIME email encryption tools.

Cluley also pointed out that it is not a new problem - the root problem of mail clients attempting to display corrupted S/MIME messages has been known about since 2000. Then the emails are changed in a particular way and sent to a victim.

The researchers recommend disabling HTML rendering in your email client to prevent your PGP messages from being decrypted. And that person's email client decrypts the email and loads external content, "thus exfiltrating the plaintext to the attacker".

YOUR EMAILS could be vulnerable to interception following a discovery of a major flaw in PGP/S-MIME encryption, far and away the most popular was of protecting emails. But the researchers cautioned that since attacks could become increasingly sophisticated in future, strategies which bolster OpenPGP and S/Mime standards are required for a long term fix.



Other News

Trending Now

India's Modi visits Nepal to restore neighborly ties
The Prime Minister also said that India would install a Bhabhatron radiation therapy machine in Kathmandu's cancer hospital. Federal government ministers Ishwor Pokharel, Giriraj Mani Pokharel and Matrika Yadav were present at the programme.

Trump says GOP primary winners will defeat 'Socialist,' Pelosi party in November
Blankenship was CEO of mine owner Massey Energy, whose Upper Big Branch mine in southern West Virginia exploded in April 2010. Primary voters on Tuesday picked a congressman backed by President Donald Trump to be the GOP nominee against Democratic Sen.

Walmart to buy 77% stake in India's Flipkart for $16bn
We are confident this group will provide Flipkart with enhanced strategic and competitive advantage. He said Flipkart would be run as a board managed company with Walmart acting as a resource centre.

ZTE Downplays Deathbed Reports Following Crippling US Ban
The suspension of ZTE's operations follows several recent actions by the USA government that hindered its business prospects. Last week, the company said that its earnings have surged, reporting a 39 percent jump in net income for the first quarter.

Sears pops after getting cozier with Amazon
The business said it's about 2,100 specialists in its Automobile Centers across the country to perform bicycle installations. Sears Auto Centers will install and balance any brand of tires purchased on Amazon.com, including Sears' own DieHard brand.

Warriors, Cavaliers favored to reach NBA Finals
Game 1 of the Western Conference Finals matchup between the Warriors and the Rockets will be on Monday night at the Toyota Center. He would not return to the game, forced to watch the final seven-plus minutes of Utah's season tick away from the sideline.

Coppa Italia thumping does not reflect Milan's performance, insists Gattuso
As we fast approach the kick-off, let's look at 5 important players from the final who can decide the outcome of the tie. However, they roared back to win 3-1 in Turin, before Napoli drew 2-2 with Torino to slip six points behind the leaders.

Year Old Scientist Kills Himself With The Aid Of Drug
Goodall mentioned he expected that his narrative would contribute into the legalization of assisted dying in different nations. The British-born scientist, David Goodall , said his life had been "rather poor" recently and he was happy to end it.

Chaves seizes the moment at Mount Etna
Thibaut Pinot finished 26 seconds after the Mitchelton-Scott duo in third place and sits fifth in the GC standings. BC-CYC-Giro d'Italia, 133 Yates moves into overall lead of Giro, Chaves wins stage 6Eds: APNewsNow.

Carvalhal axed by Swansea after taking club to brink of relegation
He therefore replaced sacked Paul Clement who was shown the exit doors after poor performances this season in the Premier League. Only victory against Stoke, coupled with Southampton losing to Manchester City and a 10-goal turnaround would save them.