Advertisements
Want create site? Find Free WordPress Themes and plugins.

Image: Ulrich Baumgarten via Getty Images

Nobody wants snoops peeking at their emails. Unfortunately, the newly discovered “Efail” vulnerability could make that a possibility. 

On Monday morning, the Electronic Frontier Foundation (EFF) reported that Efail is able to expose HTML emails encrypted with PGP and S/MIME encryption programs — even those that were sent years ago. These tools are commonly employed by journalists, politicians, and other users who require secure communication. 

“In a nutshell, Efail abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs,” the researchers write. 

“The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.”

In other words, once hackers gain access to your emails, they can use the HTML tags in your emails to prompt mail clients to erroneously decrypt those emails in a way that hackers can access.  

So, what should you do? 

EFF’s recommendation: If you use PGP or S/MIME, disable them, and uninstall the tools that decrypt them. 

The security community, however, has claimed these measures aren’t necessary. 

ProtonMail, for example, claims that many data encryption and decryption services are already patched against Efail. ProtonMail itself has verified that it is not vulnerable to Efail. 

Dan Guido, CEO of security company Trail of Bits, claims that Efail should be very easy for clients and savvy users to detect. 

But if you’re still worried, you can always opt for plain-text over HTML emails — or just use Signal like everyone else. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f85091%2fa32d7063 b4aa 45e5 8762 30703ada18bd

Did you find apk for android? You can find new Free Android Games and apps.
Advertisements
0 Comments

Leave a reply

©2018 Cyberian.pk

 
or

Log in with your credentials

or    

Forgot your details?

or

Create Account