In the most popular encryption method found a hole

Share

This new vulnerability allows hackers and attackers the ability to read encrypted HTML emails in plaintext files.

The problem had been investigated by Sebastian Schinzel, at Munster University of Applied Sciences.

"While transport security between mail servers is useful against some attacker scenarios, it does not offer reliable security guarantees regarding confidentiality and authenticity of emails", the researchers state. Secure/Multipurpose Internet Mail Extensions (S/MIME) is an alternative end-to-end encryption standard that is used to secure corporate email communication. The new e-mail would embed portions of the cipertext in places that often aren't displayed by Thunderbird, Mail, Outlook, and more than two-dozen other e-mail programs. The encryption standard was developed in 1991 and means "Pretty Good Privacy".

Werner Koch, the developer behind GNU Privacy Guard (GnuPG), an open-source PGP software suite, was also critical of the research.

In order to execute an attack, the attacker needs to have access to your PGP or S/MIME encrypted emails and attack could be aimed to specifically target certain users.

If you are asked for the admin password, enter it to confirm the action.

But on Monday, Munich newspaper Süddeutsche Zeitung appeared to break that embargo.

The hacks: These essentially work by inserting manipulated text into an email that's been intercepted by hackers, and then sending it on to the unsuspecting recipient.

God of War photo mode finally lets Kratos smile and take selfies
Players can access the photo mode camera in the options or by customizing your controls to allow you for touch pad quick access. Speculation about God of War patch 1.17 is that it fixes some fringe cases where HDR was bugged for some players.

However, one provider of software that can encrypt data using PGP explained the problem specifically concerned email programs that failed to check for decryption errors properly before following links in emails that included HTML code.

The attacker manages to get hold of an encrypted email. "The result is really elegant", he tells the newspaper.

In line with all expert cryptographic advice to date, BestVPN.com recommends the use of PGP in a number of our core articles. "Poking through an OpenPGP implementation is like visiting a museum of 1990s crypto", he warned.

While full details of the flaw are continuing to come to light, Süddeutsche Zeitung reports that although affected vendors have had months to patch the flaws, they've run into challenges.

The research also prompted the Electronic Freedom Foundation (EFF) to issue a warning that encrypted messages sent in the past could be exposed through exploitation of the vulnerability.

EFF said in a blog post that users should uninstall PGP until the flaw is patched.

Another way would be to use authenticated encryption via tools such as OpenPGP, he argued.

Researchers promised to publish more details tomorrow, Tuesday, May 15.

Share