{"id":5638,"date":"2018-05-14T13:57:18","date_gmt":"2018-05-14T11:57:18","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=5638"},"modified":"2018-05-14T13:57:18","modified_gmt":"2018-05-14T11:57:18","slug":"vulnerability-in-pgp-and-s-mime","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/05\/14\/vulnerability-in-pgp-and-s-mime\/","title":{"rendered":"Vulnerability in PGP and S\/MIME"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2018\/05\/14\/pgp-und-s-mime-e-mail-verschlsselung-mit-sicherheitslcke\/\" target=\"_blank\">German<\/a>]Security researcher found a critical vulnerability in encryption used by PGP and S\/MIME during encrypting e-mails. This results that encrypted messages may contain data in plain text and also old encrypted messages can be decrypted afterwards.<\/p>\n<p><!--more--><\/p>\n<p>Currently there are no details known to the public. Professor Sebastian Schinzel from University of applied science (FH-M\u00fcnster) M\u00fcnster (Germany) has announced on <a href=\"https:\/\/twitter.com\/seecurity\/status\/995906576170053633\" target=\"_blank\">Twitter<\/a> that he will publish the vulnerability on May 15, 2018.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">We'll publish critical vulnerabilities in PGP\/GPG and S\/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. <a href=\"https:\/\/twitter.com\/hashtag\/efail?src=hash&amp;ref_src=twsrc%5Etfw\">#efail<\/a> 1\/4<\/p>\n<p>\u2014 Sebastian Schinzel (@seecurity) <a href=\"https:\/\/twitter.com\/seecurity\/status\/995906576170053633?ref_src=twsrc%5Etfw\">14. Mai 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>  <\/p>\n<p>A critical vulnerability in PGP\/GPG and S\/MIME email encryption results in the message being available in plain text or can be decrypted later. Currently there is no method to mitigate the problem. On the site of the Electronic Frontier Foundation (EFF) there is <a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/05\/attention-pgp-users-new-vulnerabilities-require-you-take-action-now\" target=\"_blank\">this article<\/a> on the topic.<\/p>\n<p>The recommendation of EFF is to immediately disable and\/or uninstall tools that automatically decrypt PGP-encrypted emails. This recommendation is also shared by the security researchers who discovered the vulnerability. (via <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now\/\" target=\"_blank\">Arstechnica<\/a>) <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Security researcher found a critical vulnerability in encryption used by PGP and S\/MIME during encrypting e-mails. This results that encrypted messages may contain data in plain text and also old encrypted messages can be decrypted afterwards.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[1068,69],"class_list":["post-5638","post","type-post","status-publish","format-standard","hentry","category-security","tag-mail","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/5638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=5638"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/5638\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=5638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=5638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=5638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}