Critical flaw found in email encryption tools

Sebastian Schinzel, a professor of Computer Security at the Münster University of Applied Sciences, this week issued a dire warning about a critical flaw in the S/MIME and OpenPGP encryption tools, which would allow attackers to read supposedly encrypted emails in plaintext form.

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today. The flaw, named EFAIL, reportedly affects both sent and received messages, including past correspondence.

According to Schinzel, no fixes currently exist for the vulnerability, and the best thing users can do for now is to disable the relevant encryption standards:

EFF's statement on the matter mirrored Schinzel's, and also includes instructions on how to disable PGP plug-ins in Thunderbird with Enigmail, Apple Mail with GPGTools and Outlook with Gpg4win. The digital privacy watchdog also suggested the use of alternatives, such as Signal, for the time being as the implications of the vulnerabilities described in the paper are better understood, and hopefully mitigated, by the cybersecurity community.

Source: EFF via BleepingComputer

Report a problem with article
1526307727_screenshot_(79)
Next Article

Bethesda officially announces Rage 2, gameplay reveal tomorrow

1526155873_hp_envy_17_notebook_home_office_a_0566
Previous Article

HP announces a range of premium new Envy laptops, convertibles, and desktops

8 Comments - Add comment

Advertisement