An important vulnerability was found in a widely used email encryption technology, according to researchers.
PGP (Pretty Good Privacy) is a data encryption method sometimes added to programs that send and receive emails. Details of the security gap were made public by Suddeutsche Zeitung, and previously the Electronic Frontier Foundation (EFF) had recommended the immediate cessation of the use of email tools that automatically decoded PGP.
As the BBC says, the program has been explored by Sebastian Schinzel, FH Munster. Following the lifting of a security embargo, Schinzel and colleagues published their research on how this particular attack on PGP emails was working, and a website -where the issue was explained- was made.
Initially there was concern among cyber-security researchers that the issue was affecting the PGP’s central protocol – which would mean that all uses of the method, including file encryption, would be vulnerable. However, a software provider that encrypts data via PGP explained that the problem was specifically about email programs that did not check for decryption errors before following Links to emails that included HTML code.
As Security Officer Mikko Haiponen of F-Secure concluded on BBC, the security gap could theoretically be used to decrypt encrypted emails sent in the past if someone had access to them.
“This is bad, because those who use PGP do it because they have a reason. They do not use it for fun – those who use it have real secrets, such as business secrets, or confidential information. “
(Συνολικές Επισκέψεις: / Total Visits: 8)
(Σημερινές Επισκέψεις: / Today's Visits: 1)