Popular encrypted email standards are unsafe: researchers

Great advice... disable the weak encryption and replace with no encryption.

HTML - How so ?

Great advice... disable the weak encryption and replace with no encryption.

It sounds silly, but the problem is that if people have it installed, they may be doing so under the belief that it's actually secure, and sending mail as such. Removing it altogether of course leaves it all unecrypted, but email has never been considered a secure format of data transport.

"If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now."

This isn't reported very well. The advice is not so much about disabling encryption, but about about not letting your e-mail client handle it through plugins. I.e. if you need to encrypt your mails, do it yourself.

https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/

Agreed that the article isn't well written, the security aspect of PGP/etc aside is separate from reading HTML based emails, the two are not connected.

The argument to not use any encryption is not good. It's like saying, as WiFi's WEP protocol is hackable, you shouldnt use it, even if that's all your old WiFi AP supports. However understanding that PGP/etc are not now considered strong is something that needs to be reminded to users, and providers alike, so until a new version becomes available, I doubt it's wise to suddenly just turn it off.

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.

And the above has nothing to do with S/MIME or PGP, poorly researched article with the usual fake headline, the encrypted email itself is not vulnerable to anything.

how about proton mail?

Nothing is secure in internet communication. That is the very first thing to be taught for any internet users.

Nothing is secure in internet communication.

Other that secure communications that is.

Security ? What Security - Just look at the latest unfolding story regarding Amazon's Alexa....

Security ? What Security - Just look at the latest unfolding story regarding Amazon's Alexa....

Which is literally an entirely separate issue from this one. This article is about an encryption protocol with a vulnerability, the other is about a company with a product that does more than it should.