Electronics

A "serious" flaw has been found in PGP and S/MIME email encryption

A

Sebastian Schinzel, the lead researcher on Efail and a professor of computer security at M√ľnster University of Applied Sciences, said on Twitter that there were "currently no reliable fixes for the vulnerability".

The researchers meant to hold off on full publication until Tuesday, May 15, though the white paper was published earlier due to the embargo being broken. Service providers have been requested by the EFF to communicate the news to all users and request them to disable all related security plugins including Thunderbird with Enigmail, Apple mail with GPG tools, Outlook with GPG4win.

Pretty Good Privacy (PGP) is an encryption tool used to sign emails, documents, directories, and even full hard disks.

PGP uses an algorithm to generate a "hash", or mathematical summary, of a user's name and other information. "There are now no reliable fixes for the vulnerability". It's suggested that users "immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email". Because a full block of plaintext-the researchers cite S/MIME emails starting with "Content-type: multipart/signed" as one-is known to the attacker, this allows the attacker to "repeatedly [append] CBC gadgets to inject an image tag into the encrypted plaintext".

The team's leader researcher, Sebastien Schinzel, admitted that: "E-mail is no longer a secure communication medium".

Walmart has long-term plans for Flipkart, an IPO isn't one of them
Amazon has so far committed $5 billion to India-$2 billion announced in June 2014, and $3 billion in June 2016. SoftBank will get around $4 billion if it sells its entire 21 per cent stake in Flipkart.

A second attack takes advantage of flaws in OpenPGP and S/MIME to inject malicious text that in turn makes it possible to steal the plaintext of encrypted emails.

PGP has always been considered the gold standard for sending secure encrypted emails.

Germany's Federal Office for Information Security (BSI) put out a statement saying there were risks that attackers could secure access to emails in plaintext once the recipient had decrypted them.

But it said that, correctly used and configured, both forms of encryption remained secure.

There are two different vulnerabilities detailed in the Efail paper, with CVE-2017-17688 for the OpenPGP attacks and CVE-2017-17689 for S/MIME. The Foundation which has been in communication with the researchers has advised users to "temporarily stop sending and especially reading PGP-encrypted email". Then the emails are changed in a particular way and sent to a victim. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.


  • Xerox terminates agreement to merge with Fujifilm

    Xerox terminates agreement to merge with Fujifilm

    Helping Icahn and Deason's case was a court decision in late April that temporarily blocked the planned merger with Fujifilm. But Icahn and Deason blasted the deal, saying it significantly undervalued the U.S. company and would be its "death knell".
    Data breach at Chili's exposed credit card info

    Data breach at Chili's exposed credit card info

    Chili's officials said "we deeply value our relationships with our guests and our priority remains doing what is right for them". Personal information such as Social Security numbers date of birth is not collected by the chain.
    PM Abadi's list leading in Iraqi parliamentary election

    PM Abadi's list leading in Iraqi parliamentary election

    According to the officials' latest announcement, the political coalition of Shia Muslim cleric Muqtada al-Sadr has an early lead. Prime Minister Haider al-Abadi carried out poorly throughout majority Shiite provinces that ought to have been his base of help.
  • Legendary Premier League striker urged to join Steven Gerrard at Rangers

    Legendary Premier League striker urged to join Steven Gerrard at Rangers

    The Scottish striker has only been on loan at the club since January, making 17 appearances and scoring six goals. Jason Cummings wants to stay at Rangers as it's been the best experience he's ever had.
    53 killed, 39 in UP, due to lightning, thunderstorms: MHA

    53 killed, 39 in UP, due to lightning, thunderstorms: MHA

    K Sathi Devi, the head of the National Weather Forecasting Centre, said two western disturbances had led to the inclement weather. Air travel in Delhi was also affected, with around 70 flights being diverted from the city's worldwide airport on Sunday night.
    BJP-led govt in Goa will complete its tenure: Amit Shah

    BJP-led govt in Goa will complete its tenure: Amit Shah

    Narasimhan in Hyderabad, urging him to initiate appropriate action against those responsible and involved in the attack. I also welcome Amitji Shah, who is here to address the workers.
  • Rahane fined Rs 12 lakhs for slow-over rate against MI

    Rahane fined Rs 12 lakhs for slow-over rate against MI

    However, in today's match, it is predicted that Rajasthan Royals will win this against Mumbai Indians . In what would be an qualifier before the Play offs Mumbai Indians lock horns with Rajasthan Royals .
    Israel approves controversial Jerusalem cable auto  project

    Israel approves controversial Jerusalem cable auto project

    Pompeo said he was aware that there could be security concerns for U.S. embassies and citizens in the region in the coming days. The embassy will officially open Monday, May 14, marking the 70th anniversary of Israel's founding.
    Plane crashes in Ireland - boy, 7, among dead

    Plane crashes in Ireland - boy, 7, among dead

    A search and rescue operation is underway in Co Offaly after a plane crashed while carrying a man and a seven-year-old boy. It had taken off at around 2.25pm from Clonbullogue Airfield with 16 parachutists on board, all of whom made their jump.
  • Russian, Armenian leaders hope to maintain close partnership

    Russian, Armenian leaders hope to maintain close partnership

    The newly-appointed prime minister of Armenia , Nikol Pashinyan , attended today's meeting held by the Eurasian Economic Council in Sochi.
    No joke: Gotham renewed for final season by Fox

    No joke: Gotham renewed for final season by Fox

    Lethal Weapon did get renewed with the announcement that American Pie actor Seann William Scott will be replacing Clayne Crawford. Instead of paying licensing rights to Warner Bros, FOX looked to keep as much content in-house as possible.
    Tropical system developing in the gulf, New Orleans impact not expected

    Tropical system developing in the gulf, New Orleans impact not expected

    We will continue to keep you updated on-air and online on this developing system. We will have lots of sunshine to start off, with more clouds in the afternoon.