Attention PGP Users: New Vulnerabilities Require You To Take Action Now (eff.org)

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.
Further reading: People Are Freaking Out That PGP Is 'Broken' -- But You Shouldn't Be Using It Anyway (Motherboard).


  1. Re:Holy shit! by Kenja · Score: 4, Insightful

    > Isn't this supposed to be a peer reviewed...

    Yes... which is how we know about the problem and can address it. Open Source isn't magic.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Weird Advice by Carcass666 · Score: 3, Insightful

    > Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

    In other news, lock picks can be used to open up your model of door lock. We advise you to remove all door locks from your door until a lock pick proof lock can be engineered and installed.

    1. Re:Weird Advice by Kiliani · Score: 5, Interesting

      The key word was *automatically* – although it is not always clear in the press what you are supposed to do. So confusion will abound. No surprise there.

      In the end, you can still use PGP, but you have to do more work to be safe. I think, if you understand how to use PGP to begin with, you can probably help yourself for now. If not, well ....

      In your terms: keep your locks. But disable the remote locking feature (take the battery out) and don't use your app to lock your house - use your good old key you stored away in a box a long time ago. Yes, you will have to do actual work. And yes, someone can still break in - probably through the window. Or by kicking in the door ...

      --
      Do your own thing. And overdo it!
    2. Re:Weird Advice by Carewolf · Score: 3, Insightful

      > Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

      > In other news, lock picks can be used to open up your model of door lock. We advise you to remove all door locks from your door until a lock pick proof lock can be engineered and installed.

      Yeah, I can't help but think whoever said that had an agenda. It does appear Thunderbird is fully compromised, while most other email clients including Outlook are only compromised for S/MIME, and even for that it is for Outlook only 2007 and earlier.

    3. Re:Weird Advice by cryptizard · Score: 3, Informative

      Nope, the problem is that an adversary can send you a carefully crafted email, which inside of it has an old encrypted email that they want to break into, and due to automatic decryption and rendering of HTML elements the plaintext of that encrypted email gets exfiltrated to a target server. The core issue is actually in the way MIME works with multi-part emails where you are allowed to have some unencrypted HTML and some encrypted segments together in the same email.

  3. Or any other encryption by jbmartin6 · Score: 5, Informative

    The problem is the clients decrypt, then process any external requests for content. So if you can re-send an encrypted email with an external content request added to it, the client will happily decrypt then send the content request with your precious decrypted content. If you globally disable fetching any external content you don't have to worry. The encryption protocols all work fine, it is the behavior of the clients after the decryption that is the problem. So S/MIME would be affected too, or potentially any other encryption tool. Refusing to load any external content under any circumstances is good advice anyway.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:Or any other encryption by xxxJonBoyxxx · Score: 5, Informative

      ^^^ THIS ^^^ - PGP and SMIME are still fine. It's that dumb-ass software put secure (decrypted) and non-secure content into the same pot, and let the non-secure content broadcast the secure content out.

      This site has the actual details (and paper): https://efail.de/

      "EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago. The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker."

    2. Re:Or any other encryption by jbmartin6 · Score: 3, Interesting

      The kicker is, you can't control what your correspondent does with his email client, so any encrypted messages you have sent could be compromised in this way. But that was always the case since you would rely on the recipient to safeguard the keys anyway.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  4. Re:Holy shit! by Anonymous Coward · Score: 5, Informative

    > Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.

    The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.

  5. Some advice is worth what you paid for it by ugen · Score: 5, Informative

    Yes, indeed, some advice there. Because there is some potential for bad actors to possibly decrypt some of the PGP encrypted messages, if said messages include HTML with links to 3rd party sites (which your email client must display automatically), you need to **completely disable** email encryption. Then all of your email becomes clear text and fully readable by anyone without effort, and thus you are completely safe from that vulnerability. SMH.

    That wonderful advice is brought to you by researchers in no way sponsored by NSA or any other 3 letter agency.

    For those worried - make sure your email client does not automatically display any embedded HTML links (or, better yet, just turn off HTML formatted email). I believe this is the default for Enigmail encrypted email anyway. Use plaintext, and you are as safe as cryptography allows. (I believe Enigmail authors posted a message to that effect).

  6. Bad HTML Mail Clients by Xoc-S · Score: 4, Interesting

    I'm no security expert, but allowing HTML mail to arbitrarily download embedded graphics in a mail client is just dumb. From my reading of the articles, doing that doesn't disable the problem, but keeps the information from escaping back to the malicious parties. This is a mail client problem triggering PGP to decrypt, then allowing the information to escape through embedded graphics, not a fundamental problem in PGP itself. Turning off HTML mail support at the client and just taking the text representation of the message looks like it completely defeats the hack. Tell me if I'm wrong.

    1. Re:Bad HTML Mail Clients by Carewolf · Score: 2

      > I'm no security expert, but allowing HTML mail to arbitrarily download embedded graphics in a mail client is just dumb. From my reading of the articles, doing that doesn't disable the problem, but keeps the information from escaping back to the malicious parties. This is a mail client problem triggering PGP to decrypt, then allowing the information to escape through embedded graphics, not a fundamental problem in PGP itself. Turning off HTML mail support at the client and just taking the text representation of the message looks like it completely defeats the hack. Tell me if I'm wrong.

      As a KMail user I have the default to never download HTML content. You would be surprised how many emails rely on it, though mostly newsletters that can usually be ignored, but sometimes website-integration messages are equally crappy. In KMail there is fortunately an option to override the external content for a single email at a time, so this bug would only affect you if you did a warned-against security override on an encrypted email, in which case you are asking for it, and you can't really leak more than what the original idiot sent as partially encrypted content.

  7. Problem is in the MUAs, not really in OpenPGP by freax · Score: 5, Insightful

    From https://lists.gnupg.org/piperm... :

    > 1. This paper is misnamed.
    Indeed
    > 2. This attack targets buggy email clients.
    Exactly
    > 3. The authors made a list of buggy email clients.
    Well said.

    The MUA should not allow *any* utilization of HTTP when rendering an HTML E-mail. Any form of doing that is a serious mistake. Not only because of what is reported here, but also because that way *that* use of HTTP will allow spammers to identify when you open the E-mail. They use that to know if your E-mail address is still alive.

    Serious MUAs don't do this without user consent. Most HTML components even have an explicit offline mode exactly for that reason. Meaning that they won't automatically go online and fetch things like the src url of an IMG.

    Any MUA that does this without user consent is completely and utterly wrong. Especially in a security sensitive context. This is something most MUA developers know about and if not, should know.

  8. Plaintext email FTW! by 93 Escort Wagon · Score: 3, Insightful

    Seriously - there’s no good reason for an email which is important enough to encrypt to include html or other “rich formatting” anyway. Just turn it all off.

    --
    #DeleteChrome
  9. Re:Final straw. Computers are NOT secure. I'm done by Carewolf · Score: 5, Informative

    > PGP is broken now? It's only had fairly infrequent and minor issues over time. If this is broken now, then it's the final sign that anyone who thinks computers can be secured is wrong. If you want something secure, write it down in a notebook. It'll be about 100x more secure than putting it on a computer simply by not being networked. Even if someone steals and reads your notebook it's better than someone having it on their phone (or PGP, now I guess) for the ENTIRE WORLD to come along and steal. Computers are great for games, everything else is debatable.

    PGP is not broken. The way a few bad email clients are using it is broken. If you are not using Thunderbird you are safe with PGP. While S/MIME is compromised in every email client except modern Outlook, KMail, and mutt.

  10. Re:Common sense for slashdotters is new for newbie by Mordaximus · Score: 2

    > I also think the EFF is a bit paranoid in issuing a 'full stop' to using PGP until this is fixed. At worst, you should send a link to the PGP document you'd like the user to read (in plaintext of course.)

    The EFF said no such thing; they recommended uninstalling or disabling widgets that *automatically* decrypt in the MUA.

  11. Re:Holy shit! by Carewolf · Score: 4, Informative

    > Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.

    > The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.

    And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.

  12. Re:Holy shit! by OtisSnerd · Score: 3, Informative

    > The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.

    > And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.

    According to the EFF notice, it also affects Outlook with the GPG4win plugin. Outlook also has built-in S/MIME checking, and oddly, that's been throwing errors on the signed emails I'm getting from the ClamAV list this morning...

  13. Re:Holy shit! by unrtst · Score: 3, Informative

    This all goes back to really stupid features being added to email. There is no good reason to load external resources into an email. Want to include an image in your email? Go for it, but include it in the email. Why the hell would an external image get automatically loaded in an email that I downloaded for offline reading?!?! If it's external, just provide a link to it. Hell, just get rid of HTML email altogether!

    The CBC "gadget" vulnerability seems kinda scary (see https://efail.de/), but I'm fairly certain that a signed and encrypted message would identify these (modifying the encrypted message via CBC gadget will break the message signature). While one *can* send an encrypted message that is not signed, that's never actually done. So, if you get an encrypted message that is not signed, that should set off an alarm in the email client and lock down that message (sandbox it).

    This is 100% the fault of the email client implementations. FWIW, if you still use mutt or pine or alpine etc, you're safe for now. They did mention other backchannels, but didn't name any... maybe more will be disclosed on that later?

  14. Re:Holy shit! by martyros · Score: 3, Interesting

    > And only for HTML emails...

    This could be misunderstood -- the whole point of the attack is that the attacker changes a non-HTML email into an HTML one. If your mail client doesn't support HTML (or displays the formatting but doesn't fetch anything) then you're fine.

    > ...and only in Thunderbird, Apple Mail, Postbox and Airmail.

    This isn't correct.

    There are two bugs. One is a sort of braindead one which only affects a small number of clients (including Thunderbird and Apple Mail), and has nothing to do with PGP or SMIME.

    The other one is more serious, and does have to do with SMIME and PGP. Basically, if an attacker has a copy of an email which is encrypted but not signed, and knows what some of the plaintext is exactly, she can splice out those bits and put in other bits. And basically all e-mails contain things like Content-type: text/plain. So, an attacker can modify that to Content-type: text/html\n\n <img src=.

    Regarding this bug, the website says:

    Our analysis shows that EFAIL plaintext exfiltration channels exist for 25 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients.

    I agree that it's a bug for MUAs to automatically download external content in encrypted emails. But it's a much more understandable bug to make.

    --

    TCP: Why the Internet is full of SYN.
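
As an added defensive example (not code from this thread, from the EFF, or from the EFAIL authors), the Python below audits a raw MIME message for the two conditions the thread describes: cryptizard and jbmartin6 point out that clients render decrypted and unencrypted HTML parts from the same container, and martyros notes that the decrypted body itself may have been turned into text/html with external references. The sample message, its placeholder ciphertext and the `tracker.example` host are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample, not a real message: an unencrypted text/html part and a PGP/MIME
# encrypted part are siblings inside one multipart/mixed container, the layout the
# thread describes. The ciphertext block is a placeholder, not real PGP data.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html

<p>Please see below.</p><img src="http://tracker.example/pixel.gif">
--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
PLACEHOLDER-CIPHERTEXT
-----END PGP MESSAGE-----
--inner--
--outer--
"""

ENCRYPTED = {"multipart/encrypted", "application/pkcs7-mime", "application/x-pkcs7-mime"}
EXTERNAL_REF = re.compile(  # src=/href= attributes and CSS url() pointing at a network location
    r'(?:(?:src|href)\s*=\s*["\']?|url\(\s*["\']?)\s*((?:https?:)?//[^\s"\')>]+)', re.I)

def is_encrypted(part):
    return part.get_content_type() in ENCRYPTED

def audit(raw: str) -> dict:
    """Flag encrypted and HTML parts sharing a container; list external references in HTML."""
    msg = message_from_string(raw)
    findings = {"mixed_encrypted_and_html": False, "external_refs": []}
    for part in msg.walk():
        if part.is_multipart() and not is_encrypted(part):
            kids = part.get_payload()
            if any(is_encrypted(k) for k in kids) and any(k.get_content_type() == "text/html" for k in kids):
                findings["mixed_encrypted_and_html"] = True
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            findings["external_refs"].extend(m.group(1) for m in EXTERNAL_REF.finditer(body))
    return findings
```

Running `audit(SAMPLE)` reports both the mixed container and the external image URL. The same function can be run on the decrypted PGP/MIME or S/MIME body before it reaches the renderer, which covers the case where the Content-Type inside the ciphertext was changed to text/html.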

  15. Re: Holy shit! by Bradmont · Score: 3, Interesting

    Nobody said open source is a panacea to make software secure, but it *is* a prerequisite for a user to verify that a piece of software is secure. It's like politicians that don't reveal their tax returns: those that don't do it aren't necessarily crooked, and those that do aren't necessarily honest. But one of the criteria for being certain that they're honest is to be able to audit those returns.

  16. Re:Holy shit! by Gr8Apes · Score: 2

    Apple Mail is fine, and I'm sure others are too, if you turn off "Load remote content". I did that a while ago because it's one of the ways FB and Google both track you.

    --
    The cesspool just got a check and balance.
  17. Re:Holy shit! by gweihir · Score: 2

    > This is 100% the fault of the email client implementations. FWIW, if you still use mutt or pine or alpine etc, you're safe for now.

    Oh, yes. Mutt user here (at least for encrypted email), because I have never trusted these messed up insecure jokes that pass for email software these days. Automatically loading stuff from external places in this way is an instant security fail. Nobody with a clue is surprised this can be exploited.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.