01-20-2019 01:01:48 PM -0800
01-20-2019 10:48:50 AM -0800
01-20-2019 07:24:01 AM -0800
01-19-2019 04:27:50 PM -0800
01-19-2019 11:09:10 AM -0800
It looks like you've previously blocked notifications. If you'd like to receive them, please update your browser permissions.
Desktop Notifications are  | 
Get instant alerts on your desktop.
Turn on desktop notifications?
Remind me later.
PJ Media encourages you to read our updated PRIVACY POLICY and COOKIE POLICY.

Stretch, grab a late afternoon cup of caffeine and get caught up on the most important news of the day with our Coffee Break newsletter. These are the stories that will fill you in on the world that's spinning outside of your office window - at the moment that you get a chance to take a breath.
Sign up now to save time and stay informed!

Beware: Critical Vulnerability Could Reveal Contents of Encrypted Emails

Cropped Hand Of Computer Hacker Typing On Keyboard

A team of European cybersecurity researchers discovered that hackers have can break the encryption of email that is designed to be highly secure. The vulnerability is being called Efail, and allows hackers to crack OpenPGP and S/MIME, two widely used email programs that provide full end-to-end encryption when using email. PGP (Pretty Good Privacy) is a popular encryption method that’s often added to email applications to make the email secure. It's considered the gold standard for email security.

The vulnerability affects journalists, businessmen, political activists, scientists, government security workers, whistleblowers, and others who depend on encrypted email.

The Electronic Frontier Foundation is advising users to “immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. It provided instructions for disabling PGP plug-ins in Thunderbird, Apple Mail, and Outlook.”

They go on to say, “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

The company that makes the widely used secure email service ProtonMail noted that their email service is not vulnerable to this issue.

The problem was investigated by Sebastian Schinzel, a professor of computer security at Munster University of Applied Sciences. He noted, “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”

Initially, there was concern among cybersecurity experts that all files encrypted with PGP were vulnerable, but that was not the case. The problem involves whether the email programs check for errors in the decryption. It’s not a vulnerability in PGP system but rather in the email apps that were lacking the safeguards in using PGP.

You can read more about what the researchers are calling the EFAIL vulnerability here.