It is currently Thu Sep 20, 2018 11:49 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Critical vulnerabilities in PGP/GPG and S/MIME email encrypt
PostPosted: Mon May 14, 2018 1:23 pm 
Offline
Addict
Addict

Joined: Sat Mar 02, 2013 9:17 am
Posts: 931
https://twitter.com/seecurity/status/995906576170053633 :shock:

_________________
http://www.nachtoptik.de


Top
 Profile  
Reply with quote  
 Post subject: Re: Critical vulnerabilities in PGP/GPG and S/MIME email enc
PostPosted: Fri May 25, 2018 12:51 pm 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Wed Jun 25, 2014 5:25 pm
Posts: 257
Location: Germany
This statement is wrong. The vulnerability exists with the email clients, which don't process the HTML emails correctly. The decrypted email text is interpreted by the email clients as part of a URL pointing to an image, and when fetching this URL, the server who is contacted for it, gets the URL with the decrypted email text. The encryption is therefore not cracked.

A new version of the add-on "Enigmail" for Thunderbird has already been released, which closes this vulnerability. A fix from the Thunderbird developers would have taken longer, so the Enigmail developers did the fix.

HTML emails are usually bad in view of security. People who had disabled the display of HTML emails in their email client were not affected by this vulnerability.

_________________
Image
Why OpenSource should have a license
PureBasic-CodeArchiv-Rebirth: Git-Repository / Download -- Any help is welcome!
Manjaro Xfce x64 (Main system) :: WindowsXP/Xubuntu x86 (VirtualBox) :: PureBasic (Linux: x86/x64, Windows: x86) :: All are up to date


Top
 Profile  
Reply with quote  
 Post subject: Re: Critical vulnerabilities in PGP/GPG and S/MIME email enc
PostPosted: Fri May 25, 2018 1:06 pm 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sun Jun 22, 2003 7:43 pm
Posts: 246
Location: Germany, Homburg (Saar)
In fact Thunderbird was not affected with unchanged settings because it never loads external resources without asking you first.

_________________
Electronics, Crazy & Interesting Stuff, all that with text, image and sound? Click here!

The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: chrisjordan and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye