efail   53


In Apple Mail, There’s No Protecting PGP-Encrypted Messages
In a nutshell, the EFAIL attack works like this: First, the attacker needs a copy of a message that’s encrypted to your public key. They could get this by hacking your email account, hacking your email server, compelling your email provider to hand it over with a warrant, intercepting it while spying on the internet, or other ways. PGP was specifically designed to protect against this — the promise of PGP is that even attackers with copies of your encrypted messages can’t decrypt them, only you can. When you receive an email that’s encrypted to your public key, your email client automatically uses your secret key to decrypt it so that you can read it. The EFAIL researchers discovered that they could craft a special email that secretly includes a stolen encrypted message within it, and then send it to you. When you receive the malicious email, your email client uses your secret key to automatically decrypt the pilfered message within the malicious email, and then sends a decrypted copy of the stolen message back to the attacker — for example, through a web request to load an image into the email.
efail  encryption  pgp  gpg  email  cybersecurity 
8 weeks ago by bwiese
New PGP Encryption Exploits Are Being Discovered Almost Every Other Day
Gizmodo was alerted to flaws discovered as recently as Wednesday that currently impact multiple PGP implementations, including Enigmail (Thunderbird) and GPGTools (Apple Mail)—the technical details of which are withheld here while the appropriate developers are contacted and given time to address them.

“It wasn’t a case of having to write software to do this. You could literally just cut and paste what they said in the paper and use it. The video of how easy it was to use, that was the thing that clinched it for me—sitting and watching a video of someone just clicking a few buttons and being able to exfiltrate data.”

“It’s sometimes better to [temporarily] disable encryption (or decrypt in the terminal) than to have your whole past communication at stake.”
pgp  gpg  cybersecurity  crypto  encryption  efail  vulnerability 
8 weeks ago by bwiese
Untitled (https://support.apple.com/en-us/HT208849)
RT : Update your Apple devices! direct exfiltration patch for macOS/iOS available: (CVE-2018-4227)
Efail  from twitter
10 weeks ago by dylan20
Twitter
RT : Correct. EFF said that the full implications of weren’t clear so non-techni…
efail  from twitter
11 weeks ago by Xylakant
Twitter
RT : Much of the security community complained that EFF was “overhyping” the vulnerability, but it increasingly l…
efail  from twitter
11 weeks ago by Xylakant
(429) https://mobile.twitter.com/i/web/status/998534386147618816
RT : I wrote about for , but really I wrote about how email is terrible and will always result in pro…
EFail  from twitter_favs
12 weeks ago by briantrice
Efail: can email be saved? / Boing Boing
The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? One way to think about Efail is that it was caused by a lack of central coordination and…
efail 
12 weeks ago by daniel.zappala
Decade-old Efail flaws can leak plaintext of PGP- and S/MIME-encrypted emails | Ars Technica
Researchers explain the attack behind their warning to disable email plugins for now.
efail 
12 weeks ago by daniel.zappala
Twitter
Due to , I removed Enigmail and I'm not planning on putting it back. Don't send me encrypted emails, please -…
efail  from twitter_favs
12 weeks ago by ciphpercoder
Twitter
RT : The disclosure timeline for according to . Note it is not, as was widely repeated, one day before publ…
Efail  from twitter
may 2018 by ciphpercoder
