Image: eff.org
German information security researchers have
published information about serious PGP and S / MIME vulnerabilities that lead to the disclosure of information contained in encrypted emails. There are currently no fixes for these security bugs.
')
What is the problem
PGP (Pretty Good Privacy) is an encryption standard that is often used to secure email communications. S / MIME (Secure / Multipurpose Internet Mail Extensions) is another widely used email encryption tool.
As the researchers found out, both of these technologies contain vulnerabilities, using which attackers can gain access to the data that was encrypted. Worse, the messages sent in the past can also be decrypted.
The researchers
published a detailed technical description of the detected errors, from which it becomes clear that the problems are not in the operation of encryption algorithms, but in the plugin mechanism for decrypting messages.
How to protect
The presence of “undisturbed” vulnerabilities was
confirmed by representatives of the Electronic Frontier Foundation (EFF), recommending that users immediately disable plug-ins and email clients using vulnerable technologies, in particular:
- Thunderbird client with Enigmail tool;
- Apple Mail with GPGTools;
- Outlook with Gpg4win.