US wary of North Korean cyber prowess ahead of Kim-Trump summit
Samsung Galaxy J6 with Infinity Display Launch on May 21: Features, Specifications
What Is 'Google One' And Do You Need To Care?
YouTube Music, YouTube Premium launched
Nokia 7 Plus Gets Dual SIM 4G VoLTE Support as Promised Earlier
Experts have warned of the danger to encrypt emails
14 May 2018, 07:12 | Jodi Jackson
Daniel Sambraus—EyeEm Getty Images
Security experts are warning PGP users to disable tools that automatically decrypt PGP-encrypted email after the discovery of a critical vulnerability which could help attackers read protected emails. The flaw, named EFAIL, reportedly affects both sent and received messages, including past correspondence. PGP encryption is used by some of the bigger guys such as Apple Mail, Outlook, and Thunderbird.
The use of PGP - short for Pretty Good Privacy - for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russian Federation. Dmitri Strukov, a professor of electrical and computer engineering at the University of California, and his team are working to put an additional security measure on internet-connected devices to prevent hackers from cloning them. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available.
The advice of the EFF and Schinzel mirror one another: disable any plug-ins using PGP, stop sending and reading PGP-encrypted email and use other channels using end-to-end encryption like Signal for the time being. Instead, the flaw is in various email programs that failed to check for "decryption errors properly before following links in emails that included HTML code".
More specifically, the vulnerability has been discovered in the PGP or S/MIME software for email encryption. "They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past".
The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim.
EFF said in a blog post that users should uninstall PGP until the flaw is patched.
Another short term fix that the security researchers suggest is that OpenPGP and S/MIME users decrypt emails, outside of their primary email client.
It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.
Disabling PGP and S/MIME are seen as conservative stopgaps until proper mitigation can be applied more broadly.
To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. The Efail attacks rely on external communication and if a user is decrypting emails in a standalone application, the risks are somewhat muted.
Ryan Reynolds Plays 'Deadpool' Video Game for the First Time
Catch Reynolds in Deadpool 2 , which hits theaters on May 18 in the US, May 15 in the United Kingdom and May 16 in Australia. He informed the judges that he hadn't told anyone of his surprise appearance on the show, including wife Blake Lively .
Fielding miscue dooms Pirates in 5-0 loss to Giants
Pirates: RHP Joe Musgrove (right shoulder strain) will have one more rehab start after throwing 5 2/3 innings on Saturday. A few thoughts and observations about where the Pirates have been over the past few days and where they're headed ...
Pour One Out For The Monster Hunter Movie Already
The film will have a budget of around $60 million from Constantin Film, and will be shot around Cape Town in South Africa. Not much is known about the film right now, although presumably it will involve a bunch of people hunting monsters.
Delay in ICSE, CBSE results worries students
Seven of the 13 toppers in the Class 10 ICSE exams and six of the 49 toppers in the Class 12 ISC exams are from Mumbai city. The pass percentage of the ISC Class 12 Results was 96.56 per cent in 2017, nearly same as 2016's 96.46 per cent.