The researchers meant to hold off on full publication until Tuesday, May 15, but the white paper was published earlier because the embargo was broken. The digital privacy watchdog also suggested using alternatives, such as Signal, for the time being, while the implications of the vulnerabilities described in the paper become better understood, and hopefully mitigated, by the cybersecurity community.
The use of PGP for secure communications has been advocated by, among others, Edward Snowden, who blew the whistle on pervasive electronic surveillance at the US National Security Agency before fleeing to the Russian Federation.
Sebastian Schinzel, professor of computer science at Münster University, investigated the flaw, tweeting that full details of the vulnerability will be available from 15 May.
PGP uses an algorithm to generate a "hash", or mathematical summary, of a user's name and other information.
By comparison, the Gadget Attack affects a much wider variety of mail clients, including Microsoft's Outlook, but varies in efficacy depending on whether it is used against PGP or S/MIME encryption.
"EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs".
"They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past", researchers said.
The attack relies on contacting the same person that sent the encrypted email in the first place.
While the requirement that attackers have access to previously sent e-mails is an extremely high bar, the entire objective of both PGP and S/MIME is to protect users against this possibility.
UPDATE 2: Because some researchers started disclosing details about the vulnerability ahead of schedule, the efail.de website is now live, along with the research paper, both containing more info on the EFAIL vulnerability. This is then encrypted with the sender's private "key" and decrypted by the receiver using a separate public key. However, the researchers have confirmed the exploitable vulnerabilities only exist for email users. PGP and S/MIME are said to have flaws that could be exploited to get access to any incoming or outgoing emails on platforms that use either of the two encryption tools.
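The channel named in the quoted description above, externally loaded images or styles, can be checked for on the receiving side. The following is an added example, not code from the researchers or the original article: a Python scanner that lists the remote URLs an HTML mail part would make a client request when rendered. The sample message, the `tracker.example` hosts and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

REMOTE = re.compile(r"^\s*(?:https?:)?//", re.I)  # http(s) or protocol-relative
CSS_URL = re.compile(r"url\(\s*['\"]?\s*((?:https?:)?//[^'\")\s]+)", re.I)

class RemoteRefFinder(HTMLParser):
    """Collects (tag, url) pairs that are fetched on render, not on click."""
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value is None:
                continue
            auto = name in ("src", "background", "poster") or (
                name == "href" and tag == "link")  # <a href> needs a click
            if auto and REMOTE.match(value):
                self.refs.append((tag, value.strip()))
            elif name == "style":  # inline CSS can also pull remote resources
                self.refs += [("style", u) for u in CSS_URL.findall(value)]

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> element
            self.refs += [("style", u) for u in CSS_URL.findall(data)]

def remote_references(raw_message):
    """Return remote resources referenced by every text/html part."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.refs

# Constructed sample message (not taken from the paper or the article).
SAMPLE = ('From: alice@example.com\nTo: bob@example.com\nMIME-Version: 1.0\n'
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nhello\n\n--b1\nContent-Type: text/html\n\n'
    '<html><head><style>body{background:url(http://tracker.example/bg.png)}</style>\n'
    '<link rel="stylesheet" href="https://tracker.example/s.css"></head>\n'
    '<body><img src="http://tracker.example/p.gif?id=1"><img src="cid:logo">\n'
    '<a href="https://example.com/">link</a></body></html>\n--b1--\n')
```

A mail gateway or client plugin can use such a list to decide whether to strip the references or render the part as plain text; embedded `cid:` images and ordinary links are not reported because they cause no request at render time.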