The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
© (c) Copyright Thomson Reuters 2018.Popular encrypted email standards are unsafe: researchers
By Douglas Busvine FRANKFURT©2024 GPlusMedia Inc.
11 Comments
Login to comment
mmwkdw
Great advice... disable the weak encryption and replace with no encryption.
mmwkdw
HTML - How so ?
Strangerland
It sounds silly, but the problem is that if people have it installed, they may be doing so under the belief that it's actually secure, and sending mail as such. Removing it altogether of course leaves it all unecrypted, but email has never been considered a secure format of data transport.
albaleo
This isn't reported very well. The advice is not so much about disabling encryption, but about about not letting your e-mail client handle it through plugins. I.e. if you need to encrypt your mails, do it yourself.
https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/
mmwkdw
Agreed that the article isn't well written, the security aspect of PGP/etc aside is separate from reading HTML based emails, the two are not connected.
The argument to not use any encryption is not good. It's like saying, as WiFi's WEP protocol is hackable, you shouldnt use it, even if that's all your old WiFi AP supports. However understanding that PGP/etc are not now considered strong is something that needs to be reminded to users, and providers alike, so until a new version becomes available, I doubt it's wise to suddenly just turn it off.
mrtinjp
To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.
And the above has nothing to do with S/MIME or PGP, poorly researched article with the usual fake headline, the encrypted email itself is not vulnerable to anything.
macv
how about proton mail?
socrateos
Nothing is secure in internet communication. That is the very first thing to be taught for any internet users.
Strangerland
Other that secure communications that is.
mmwkdw
Security ? What Security - Just look at the latest unfolding story regarding Amazon's Alexa....
Strangerland
Which is literally an entirely separate issue from this one. This article is about an encryption protocol with a vulnerability, the other is about a company with a product that does more than it should.