Attention PGP Users: New Vulnerabilities Require You To Take Action Now (eff.org)
A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).
In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.
Re:Holy shit! (Score:5, Insightful)
Isn't this supposed to be a peer reviewed...
Yes... which is how we know about the problem and can address it. Open Source isn't magic.
Re:Holy shit! (Score:5, Informative)
Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.
The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.
Re: (Score:2)
Better mod this up because a lot of people will be getting this wrong.
Re: (Score:3)
Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.
The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.
And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.
Re: (Score:2)
The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.
And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.
According to the EFF notice, it also affects Outlook with the GPG4win plugin. Outlook also has builtin S/MIME checking, and oddly, that's been throwing errors on the signed emails I'm getting from the ClamAV list this morning...
Weird Advice (Score:5, Insightful)
In other news, lock picks can be used to open up your model of door lock. We advise you to remove all door locks from your door until a lock pick proof lock can be engineered and installed.
Re:Weird Advice (Score:5, Interesting)
The key word was *automatically* – although it is not always clear in the press what you are supposed to do. So confusion will abound. No surprise there.
In the end, you can still use PGP, but you have to do more work to be safe. I think, if you understand how to use PGP to begin with, you can probably help yourself for now. If not, well ....
In your terms: keep your locks. But disable the remote locking feature (take the battery out) and don't use your app to lock your house - use your good old key you stored away in a box a long time ago. Yes, you will have to do actual work. And yes, someone can still break in - probably through the window. Or by kicking in the door ...
Re: (Score:2)
And that key word makes me think that this might have something to do with passphrase caching.
Re: (Score:2)
I think that if you read between the lines, the problem isn't that PGP can be broken. The problem is that there's a vulnerability in the PGP code such that a specially-crafted payload can exploit it and compromise your system... somehow.
That's why they're specifically warning not to automatically open PGP-encrypted messages. It implies that someone might send a malicious PGP message that could cause damage, so you should be careful about which messages you decrypt until this is fixed.
Re: (Score:2)
In other news, lock picks can be used to open up your model of door lock. We advise you to remove all door locks from your door until a lock pick proof lock can be engineered and installed.
Yeah, I can't help but think whoever said that had an agenda. It does appear Thunderbird is fully compromised, while most other email clients including Outlook are only compromised for S/MIME, and even for that, only Outlook 2007 and earlier.
Re: Weird Advice (Score:2)
Encryption bugs are rarely in the "math" part of code, and more often in the surrounding stuff that handles content.
I'm guessing there is some sort of issue here where a cracker can expose data by sending a malformed email. So it's more like disabling a door lock that somebody could use to give you an electric shock...
Or any other encryption (Score:5, Informative)
Re:Or any other encryption (Score:5, Informative)
This site has the actual details (and paper): https://efail.de/
"EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago. The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker."
Final straw. Computers are NOT secure. I'm done. (Score:2)
PGP is broken now? It's only had fairly infrequent and minor issues over time. If this is broken now, then it's the final sign that anyone who thinks computers can be secured is wrong. If you want something secure, write it down in a notebook. It'll be about 100x more secure than putting it on a computer simply by not being networked. Even if someone steals and reads your notebook it's better than someone having it on their phone (or PGP, now I guess) for the ENTIRE WORLD to come along and steal. Computers are great for games, everything else is debatable.
Re:Final straw. Computers are NOT secure. I'm done (Score:5, Informative)
PGP is broken now? It's only had fairly infrequent and minor issues over time. If this is broken now, then it's the final sign that anyone who thinks computers can be secured is wrong. If you want something secure, write it down in a notebook. It'll be about 100x more secure than putting it on a computer simply by not being networked. Even if someone steals and reads your notebook it's better than someone having it on their phone (or PGP, now I guess) for the ENTIRE WORLD to come along and steal. Computers are great for games, everything else is debatable.
PGP is not broken. The way a few bad email clients are using it is broken. If you are not using Thunderbird you are safe with PGP. While S/MIME is compromised in every email client except modern Outlook, KMail, and mutt.
Re: (Score:2)
So, this isn't about my wearing pants?
Some advice is worth what you paid for it (Score:5, Informative)
Yes, indeed, some advice there. Because there is some potential for bad actors to possibly decrypt some of the PGP encrypted messages, if said messages include HTML with links to 3rd party sites (which your email client must display automatically), you need to **completely disable** email encryption. Then all of your email becomes clear text and, fully readable by anyone without effort, and thus you are completely safe from that vulnerability. SMH.
That wonderful advice is brought to you by researchers in no way sponsored by NSA or any other 3 letter agency.
For those worried - make sure your email client does not automatically display any embedded HTML links (or, better yet, just turn off HTML formatted email). I believe this is the default for Enigmail encrypted email anyway. Use plaintext, and you are as safe as cryptography allows. (I believe Enigmail authors posted a message to that effect).
Re: (Score:2)
which your email client must display automatically
Must? I guess I'm in real trouble. Because I read my e-mail with elm. The standards police will be kicking in my door any minute now.
Re: (Score:2)
you need to **completely disable** email encryption
And there's where your reading comprehension failed.
The recommendation is to disable automatic email decryption. Because a lot of email clients will automatically decrypt the email and then happily run the "active content" in that email (aka hit an external server to download images or other HTML-email-fun).
So go ahead and send emails encrypted. And go ahead and decrypt your emails... manually, so that you're doing it in a place that will not automatically run the HTML.
Bad HTML Mail Clients (Score:2)
Re: (Score:2)
I'm no security expert, but allowing HTML mail to arbitrarily download embedded graphics in a mail client is just dumb. From my reading of the articles, doing that doesn't disable the problem, but keeps the information from escaping back to the malicious parties. This is a mail client problem triggering PGP to decrypt, then allowing the information to escape through embedded graphics, not a fundamental problem in PGP itself. Turning off HTML mail support at the client and just taking the text representation of the message looks like it completely defeats the hack. Tell me if I'm wrong.
As a KMail user I have the default to never download HTML content. You would be surprised how many emails rely on it, though mostly newsletters that can usually be ignored, but sometimes website-integration messages are equally crappy. In KMail it is fortunately an option to override the external content for a single email at a time, so this bug would only affect you if you did a warned-against security override on an encrypted email, in which case you are asking for it, and you can't really leak more than what
Problem is in the MUAs, not really in OpenPGP (Score:5, Insightful)
From https://lists.gnupg.org/piperm... [gnupg.org] :
> 1. This paper is misnamed.
Indeed
> 2. This attack targets buggy email clients.
Exactly
> 3. The authors made a list of buggy email clients.
Well said.
The MUA should not allow *any* utilization of HTTP when rendering an HTML E-mail. Any form of doing that is a serious mistake. Not only because of what is reported here, but also because that way *that* use of HTTP will allow spammers to identify when you open the E-mail. They use that to know if your E-mail address is still alive.
Serious MUAs don't do this without user consent. Most HTML components even have an explicit offline mode exactly for that reason. Meaning that they won't automatically go online and fetch things like the src url of an IMG.
Any MUA that does this without user consent is completely and utterly wrong. Especially in a security sensitive context. This is something most MUA developers know about and if not, should know.
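The quoted efail.de summary above and this post make the same point from two sides: the leak needs the client to fetch something remote while rendering the decrypted HTML, so a client that refuses remote fetches (or falls back to the text representation) is not exposed. The following is an added example, not code from the EFF notice, efail.de or any client named in the thread, of the pre-render check an MUA or a local mail filter could apply to a decrypted HTML body: it lists every reference the renderer would fetch over the network (img/script/iframe src, stylesheet links, CSS url() in style blocks and style attributes) and, if there are any, hands back the plain-text rendering instead. The sample message, the host names in it and the function names are all constructed for the example.

```python
"""Pre-render check for decrypted HTML mail (added example, constructed input)."""
from html.parser import HTMLParser
import re

# Tag -> attributes whose value a renderer fetches without user interaction.
FETCH_ATTRS = {
    "img": ("src", "srcset"), "link": ("href",), "script": ("src",),
    "iframe": ("src",), "object": ("data",), "embed": ("src",),
    "video": ("src", "poster"), "audio": ("src",), "source": ("src", "srcset"),
    "body": ("background",), "table": ("background",), "td": ("background",),
}
# Anything with a network scheme, or scheme-relative "//host/...". cid: (MIME
# attachment) and data: (inline) references stay local and are not flagged.
REMOTE_SCHEME = re.compile(r"^\s*(https?:|ftp:|//)", re.IGNORECASE)
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.IGNORECASE)


class RemoteRefFinder(HTMLParser):
    """Collect every remote URL that rendering this HTML would request."""

    def __init__(self):
        super().__init__()
        self.remote = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self._in_style = True
        for name in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if value and REMOTE_SCHEME.match(value):
                self.remote.append(value.strip())
        style = attrs.get("style")  # inline style="background:url(...)"
        if style:
            self.remote.extend(u for u in CSS_URL.findall(style) if REMOTE_SCHEME.match(u))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # <style> blocks: url(...) in rules also fetches
            self.remote.extend(u for u in CSS_URL.findall(data) if REMOTE_SCHEME.match(u))


class TextExtractor(HTMLParser):
    """Plain-text fallback: visible text only, no script/style content."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag in ("p", "br", "div", "tr", "li"):
            self.parts.append("\n")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def find_remote_references(html):
    """Return the list of remote URLs the renderer would contact, in document order."""
    p = RemoteRefFinder()
    p.feed(html)
    p.close()
    return p.remote


def to_plain_text(html):
    """Text representation of the body, as a client with HTML off would show it."""
    t = TextExtractor()
    t.feed(html)
    t.close()
    return re.sub(r"\s*\n\s*", "\n", "".join(t.parts)).strip()


def render_policy(html):
    """'html' only when nothing remote would be fetched; otherwise 'text'."""
    return "text" if find_remote_references(html) else "html"


# Constructed sample: one local (cid:) image, one inline (data:) image and
# several remote references of the kinds a tracking pixel or stylesheet uses.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://cdn.example.test/mail.css">
<style>body { background: url(http://cdn.example.test/bg.png); }</style>
</head><body style="background:url('//cdn.example.test/tile.png')">
<p>Quarterly numbers attached.</p>
<img src="cid:chart.png" alt="chart">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=" alt="spacer">
<img src="http://tracker.example.test/open.gif?id=42" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for url in find_remote_references(SAMPLE):
        print("would fetch:", url)
    print("policy:", render_policy(SAMPLE))
    print(to_plain_text(SAMPLE))
```

The check runs on the decrypted body before anything is rendered, which is the step the thread says the affected clients skip. It is deliberately a fetch detector rather than an HTML sanitiser: the question for the client is only whether rendering would contact the network at all, and if it would, the safe answer for encrypted mail is the text representation, exactly what the "turn off HTML" advice elsewhere in the thread amounts to.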
Common sense for slashdotters is new for newbies (Score:2)
What might be common sense for us is certainly not for newcomers to PGP or those being made to use PGP in a corporate environment as part of a 'best practice'
When you're sending a PGP message, it needs to be plaintext. HTML is simply too dangerous to be disarmed in every conceivable application. This means your email messages should be read in plaintext for PGP.
I also think the EFF is a bit paranoid in issuing a 'full stop' to using PGP until this is fixed. At worst, you should send a link to the PGP document you'd like the user to read (in plaintext of course.)
Re: (Score:2)
I also think the EFF is a bit paranoid in issuing a 'full stop' to using PGP until this is fixed. At worst, you should send a link to the PGP document you'd like the user to read (in plaintext of course.)
The EFF said no such thing; they recommended uninstalling or disabling widgets that *automatically* decrypt in the MUA.
What spooks would like you to do... (Score:2)
Sounds like just what the spies would like you to do to gain temporary access to most communications that used to be encrypted, while disabling some of them...
Plaintext email FTW! (Score:3, Insightful)
Seriously - there’s no good reason for an email which is important enough to encrypt to include html or other “rich formatting” anyway. Just turn it all off.
Are EFF creating panic? PGP is not broken. (Score:1)
My understanding is this applies to HTML email (Score:2)
My understanding of this is that it applies only to HTML email - if you are using S/MIME and PGP/GnuPG with text-only emails, you should be fine. So why are EFF calling for disabling all PGP and GnuPG?