Published: Tue, May 15, 2018
Industry | By Dora Warner

Encrypted Emails May Be Readable

Encrypted Emails May Be Readable

While the researchers and the Electronic Frontier Foundation recommend that users of the technology disable it, this likely affects few law firms. On the other hand, S/MIME is used mainly in enterprise infrastructure.

The EFF, which in its alert published specific ways to disable it in specific clients, echoed the assessment.

The use of PGP - short for Pretty Good Privacy - for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russian Federation.

In 2017, the ABA Standing Committee on Ethics and Professional Responsibility released Formal Opinion 477 on "Securing Communication of Protected Client Information".

Although further details on the encryption flaws were expected to go public by May 15th, they have leaked early.

The second component, referred to as CBC/CFB gadget attack, potentially allows an attacker to send malformed data blocks that, when read by the target, would fool the email client into sending to the attacker's server the unencrypted contents of the message.

Xbox Controller Designed for Accessibility Image Leaks
Bleeping Computer has contacted Microsoft regarding this controller but they do not have any comment at this time. Put away the gift cards and chocolates - we all know what we'd really like for our special days, videogames.


If you are asked for the admin password, enter it to confirm the action.

Mikko Hypponen, chief research officer at F-Secure, has called out researchers' warning that the flaws could be used to decrypt past messages.

But on Monday, Munich newspaper Süddeutsche Zeitung appeared to break that embargo.

Matthew Green, assistant professor at the Department of Computer Science at Johns Hopkins University and crypto-expert broke down the attack in simpler terms: "In a nutshell, if I intercept an encrypted email sent to you, I can modify that email into a new encrypted email that contains custom HTML", he tweeted.

'If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now'.

They then would have to send the contents of that encrypted email back to its owner - the victim - in a carefully crafted way to make email clients think it's HTML. "The result is really elegant", he tells the newspaper.

Jumbo Jet-Sized Asteroid Due to Whiz Past Planet on Tuesday Afternoon
A huge asteroid is expected to fly by earth at 28,655 miles per hour on Tuesday - but will probably miss. On April 15, an asteroid called 2018 GE3 flew by about 119,500 miles away from Earth .


Whistle-blowers, political activists and others who depend on encrypted email could all be compromised by the bug, the researchers said in a blog post.

In the wake of the new research, Green tells Süddeutsche Zeitung: "This is another bullet hole in an already perforated auto". But in the meantime, affected email clients are preparing patches to address the flaw.

Keith Lee, the founder of a LawyerSmack, an online legal community, says: "The most [lawyers] are doing is using GSuite or some equivalent and relying on that in transit encryption, but are rarely (if ever) actually encrypting the text/content of emails".

The research, dubbed "efail", explains how it's possible to exploit buggy email platforms, particularly in the way PGP is integrated into the platform.

The issue had been "overblown" by the EFF, said Werner Koch, of GnuPG. EFF has a write up on this also with all the links you need if reading Twitter is not your thing. That's because EFAIL can be stopped by using authenticated encryption; OpenPGP started to support authenticated encryption in 2001.

"While transport security between mail servers is useful against some attacker scenarios, it does not offer reliable security guarantees regarding confidentiality and authenticity of emails", the researchers state. And many corporate email services employ S/MIME.

U.S. has sacrificed its role as Middle East mediator, says Erdogan
Bozdag also said Turkey was calling an emergency meeting of the Organisation of Islamic Cooperation (OIC) on Friday, but did not give details over its format.


Like this: