efail

In Apple Mail, There’s No Protecting PGP-Encrypted Messages
In a nutshell, the EFAIL attack works like this: First, the attacker needs a copy of a message that’s encrypted to your public key. They could get this by hacking your email account, hacking your email server, compelling your email provider to hand it over with a warrant, intercepting it while spying on the internet, or other ways. PGP was specifically designed to protect against this — the promise of PGP is that even attackers with copies of your encrypted messages can’t decrypt them, only you can. When you receive an email that’s encrypted to your public key, your email client automatically uses your secret key to decrypt it so that you can read it. The EFAIL researchers discovered that they could craft a special email that secretly includes a stolen encrypted message within it, and then send it to you. When you receive the malicious email, your email client uses your secret key to automatically decrypt the pilfered message within the malicious email, and then sends a decrypted copy of the stolen message back to the attacker — for example, through a web request to load an image into the email.
efail  encryption  pgp  gpg  email  cybersecurity 
4 weeks ago by bwiese
New PGP Encryption Exploits Are Being Discovered Almost Every Other Day
Gizmodo was alerted to flaws discovered as recently as Wednesday that currently impact multiple PGP implementations, including Enigmail (Thunderbird) and GPGTools (Apple Mail)—the technical details of which are withheld here while the appropriate developers are contacted and given time to address them.

“It wasn’t a case of having to write software to do this. You could literally just cut and paste what they said in the paper and use it. The video of how easy it was to use, that was the thing that clinched it for me—sitting and watching a video of someone just clicking a few buttons and being able to exfiltrate data.”

“It’s sometimes better to [temporarily] disable encryption (or decrypt in the terminal) than to have your whole past communication at stake.”
pgp  gpg  cybersecurity  crypto  encryption  efail  vulnerability 
4 weeks ago by bwiese
Untitled (https://support.apple.com/en-us/HT208849)
RT : Update your Apple devices! direct exfiltration patch for macOS/iOS available: (CVE-2018-4227)
Efail  from twitter
6 weeks ago by dylan20
Twitter
RT : Correct. EFF said that the full implications of weren’t clear so non-techni…
efail  from twitter
7 weeks ago by Xylakant
Twitter
RT : Much of the security community complained that EFF was “overhyping” the vulnerability, but it increasingly l…
efail  from twitter
7 weeks ago by Xylakant
(429) https://mobile.twitter.com/i/web/status/998534386147618816
RT : I wrote about for , but really I wrote about how email is terrible and will always result in pro…
EFail  from twitter_favs
8 weeks ago by briantrice
Efail: can email be saved? / Boing Boing
The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? One way to think about Efail is that it was caused by a lack of central coordination and…
efail 
8 weeks ago by daniel.zappala
Decade-old Efail flaws can leak plaintext of PGP- and S/MIME-encrypted emails | Ars Technica
Researchers explain the attack behind their warning to disable email plugins for now.
efail 
8 weeks ago by daniel.zappala
Twitter
Due to , I removed Enigmail and I'm not planning on putting it back. Don't send me encrypted emails, please -…
efail  from twitter_favs
8 weeks ago by ciphpercoder
Twitter
RT : The disclosure timeline for according to . Note it is not, as was widely repeated, one day before publ…
Efail  from twitter
9 weeks ago by ciphpercoder
