Buzz
Sebastian Schinzel, a computer security professor, has issued a warning about these vulnerabilities on Twitter, advising users currently using these encryption systems to disable them and switch to alternative solutions for sending encrypted data, including messaging platforms like Signal.
Initially, the vulnerabilities were scheduled to be disclosed on Tuesday. However, the research team decided to publish a detailed analysis of the vulnerabilities today on a website named EFAIL, which is also the term security experts use to describe the susceptibility.
Discovery of Vulnerabilities in PGP/GPG and S/MIME Email Encryption
According to researchers, 'EFAIL attacks exploit vulnerabilities in OpenPGP and S/MIME standards to reveal plaintext in encrypted emails. In essence, EFAIL abuses the active content of HTML emails, such as externally loaded images, to leak plaintext through requested URLs.'
'To exploit these channels, attackers first need access to encrypted emails, such as by eavesdropping network traffic, compromising email accounts, email servers, backup systems, or client computers. These emails may even have been collected from years ago.'
Standards Need Updating
The Electronic Frontier Foundation has just published a blog post warning users about vulnerabilities, explaining that encryption plugins in the most popular applications have leaked, including Thunderbird with Enigmail, Apple Mail with GPGTTools, and Outlook with Gpg4win.
EFF states: 'We advise users to disable or uninstall tools that automatically decrypt PGP-encrypted emails,' emphasizing users should only revert to previous configurations when patches are available.
Furthermore, researchers also note that OpenPGP and S/MIME standards need updating to counter EFAIL attacks, but stress that this process will take some time.
Trial email users need to take measures to protect their information data, with Gmail users, besides setting up complex passwords, two-layer security is also crucial, perform steps to update Gmail 2-step security verification here to enhance the security of their mailbox.
Despite being one of the top-rated antivirus programs today, it seems that the Windows 10 April 2018 Update and the Avast development team have yet to optimize compatibility with this operating system, Avast Antivirus being the culprit behind the issues on Windows 10 April 2018, causing considerable inconvenience for users.
