Moderator

Xiaomi Miui Hellas Team

Rank: 7Rank: 7Rank: 7

Credits
40507
Device
Mi 8
Online time
712 Hours
Send PM

Mi Plastic In-ear PhonesMi Band 2Mi HeadphonesMi Yi CameraMi Selfie StickMi BandMijia Mi Bunny RobotMijia Electric ScooterXiaomi 6 LaunchMi Bluetooth SpeakerMijia Qi CycleNinebot MiniMijia VR Play 2Mi VRMagic CubeMi Power StripMi VR HeadsetMi Notebook AirYi Action CameraMijia Smart ShoesMi Power BankMi WiFi RouterMi T-ShirtMijia 360° Panoramic CameraMi  BunnyMijia Story TellerMi TV 70Mi HomeMi Bluetooth Canon SpeakerUnlock MedalMi Power Bank 10000MAH Mijia Walkie TalkieMi WiFiMijia Smart PTZ CameraMi ScaleMi MIXMi Bluetooth HeadsetMi Kids WatchXiaomi 7th AnniversaryFantastic!FlashholicI Love MIUIMIUI 2016AnTuTuAwesome!MIUI 8MIUI Devices ContestMarshmallowMIUI 6Mi 5Xiaomi Mi 4Mi 5s PlusRedmi 4/Prime/4AXiaomi Mi 6Mi PadMi 4cRedmi 2Mi 5sRedmi 1SMi Max 2Mi 4SMi 5XRedmi Note 2Redmi Note 4XRedmi Note 3Mi 4iRedmi Pro4 Million Forum MembersMi Max Redmi Note 4Redmi 3Redmi 4XRedmi 3SFan Of MIUI ItalyMIUI Weekly PollFan Of MIUI RussiaHappy New YearMerry ChristmasRooster Year of 2017MIUI Fan from TurkeyMIUI Drawing Talent3 Million Forum App InstallsMIUI 20171 Million Forum App InstallsMIUI 50 Million Users2100K Forum MembersI Love 2016MIUI 6th AnniversaryThanksgiving DayFan Of MIUI SpainFan Of MIUI BangladeshMIUI Fan From MyanmarFan Of MIUI GreeceMIUI Fan from MalaysiaPokemon Master MedalMIUI Fan From NepalMIUI 4th AnniversaryWomen's Day MedalMIUI 20 Million UsersMIUI S2 Million Forum MembersHappy Singles' DayMIUI 300 WeeksMIUI Forum AppDiwali MIUI Fan From IndonesiaMIUI World Tour1900K Forum MembersHappy DiwaliMIUI Lucky Friday1700K Forum Members1500K Forum Members1400K Forum Members1800K Forum MembersXiaomi 6th AnniversaryMi Live Medal1st AnniversaryMIUI 9Super SundayMIUI 5th AnniversaryFan Of MIUI IndiaSuper FridayMIUI Fan From PhilippinesFan Of MIUI AustraliaMIUI Happy Medal5 Million Forum App InstallsHappy Holi Medal300K Forum MembersSuper SaturdaySuper Wednesday90000 Forum MembersCamera Filter Guru MedalMIUI 7th AnniversaryMIUI Font LoverFan Of MIUI Ukraine3500K Forum MembersSuper ThursdaySuper MondayRocket to FutureMIUI PSuper TuesdayMIUI Fan from IndiaMIUI 100 Million UsersMIUI Philippines Fan Meetup500K Forum MembersHappy Valentine's DaySurge S1Fan Of MIUI France3 Million Forum MembersPuzzle MasterRingolicious Medal10 Million Forum Posts100k Forum MembersAlpaca Mi Bunny Gamer Mi BunnyMiPopI Love Mi BunnyMIUI ReviewStar WarsMi 5XMi Bunny Game Master 8 Million Forum MembersMi TalentOreoMIUI Weekly Devices QuizNougatMIUI Android 4.4 KitKat25 Million Strong6 Million Forum MembersHumor MasterDiscuss HereMi 8Heart to HeartPOCO F1MIUI Tech SurveyHappy 201913 Million Forum Members7 Million Forum Members10 Million Forum MembersIndia Independence DayXiaomi 8th AnniversaryRedmi Note 5A/PrimeSurpriseMIUI Quick DiscussionIndonesia Independence Day9 Million Forum MembersBlack SharkOTA FeedbackTechnology GuruMIUI G+ FollowerMost Active MIUIerMIUI KingMi Story TellerMIUI FB FollowerInbox ZeroApp TalentAndroid GuruMIUI Ice Bucket ChallengeMIUI ExpertRedmi 5/PlusScroll Of WisdomMIUI SuperstarUpdates LoverAndroid ElfMIUI Medals CollectorMaster Of TechnologyApp StarDie-hard MIUI FanYouth PledgeMIUI FollowerMost Popular Forum UserRingtone ExpertTheme TalentPioneer of MIUI English Forum Mi Lover MedalForum Contest LoverDebate MasterRingtone Star 2017 Annual AwardsMIUI Halloween 2017MIUI Twitter FollowerMr. DependableStar Of Technology

[Chat] [MIUI Tech Discussion #11] Do You Think Encrypted Emails Are Really Secure?

  [ Promote]
12960 214 |
00:02, May-26-2018 | From PC
|
|
Go to reply no.
MIUI Tech Discussion.png

Hello MIUIers and Mi fans!

     Did you know that an attack called eFail overcomes the protections of encrypted email standards PGP and S/MIME.

encryption2.jpg

     According to a group of German and Belgian researchers who posted their findings on Monday. The weakness could allow a hacker to expose plaintext versions of encrypted messages—a nightmare scenario for users who rely on encrypted email to protect their privacy, security, and safety.The weakness, dubbed eFail, emerges when an attacker who has already managed to intercept your encrypted emails manipulates how the message will process its HTML elements, like images and multimedia styling. When the recipient gets the altered message and their email client—like Outlook or Apple Mail—decrypts it, the email program will also load the external multimedia components through the maliciously altered channel, allowing the attacker to grab the plaintext of the message.

encryption.jpeg


The eFail attack requires hackers to have a high level of access in the first place that, in itself, is difficult to achieve. They need to already be able to intercept encrypted messages, before they begin waylaying messages to alter them. PGP is a classic end-to-end encryption scheme that has been a go-to for secure consumer email since the late 1990s because of the free, open-source standard known as OpenPGP. But the whole point of doing the extra work to keep data encrypted from the time it leaves the sender to the time it displays for the receiver is to reduce the risk of access attacks—even if someone can tap into your encrypted messages, the data will still be unreadable. eFail is an example of these secondary protections failing.

"For people who must use encrypted mail, there's not consensus yet on the best course of action," says Kenn White, director of the Open Crypto Audit Project. "Many people have criticized the EFF guidance, which is basically to stop using encrypted mail. I'm not sure such advice is warranted, or even practical."


Sebastian Schinzel the researcher says "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now." The Electronic Frontier Foundation issued a similar warning, that "users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email," until there are patches or other mitigations for vulnerable email clients.


The weakness and how to handle it has provoked debate in the cryptography community. At issue: how much of the problem rests with email clients, versus fundamental issues with the PGP and S/MIME ecosystems generally. Some argue that clients should have acted on warning mechanisms like MDC, while others contend that interoperability was prioritized above a known threat for years.

encryption-og.png

As cryptographers continue to analyze the situation, some note that it should be possible to check encrypted inboxes for evidence of eFail attacks in the wild, by scanning for the suspicious HTML manipulations. And because of this detectability, some, like Dan Guido, CEO of the security firm Trail of Bits, note that the attack might not be so appealing to hackers in practice. "It doesn’t look like the team behind eFail researched possible detections or operational necessities for pulling off successful attacks," he says.

Until user services actually start issuing patches and scanning to see if the attack has been in use over the years, people looking to gain protection from encrypted email should lean on other types of secure communication or continue using encrypted email with knowledge of the risks. Mistakes are going to happen, but users would benefit from more cooperation and less in-fighting within the secure email community.

Do You Think Encrypted emails Are Really Secure?

Read more at Wired
Photo sources: eff & eraser.heidi.ie
Special Thanks to our admins @Nanana @candicesu & Mi 5s Subforum Management Team!
Favorite10 Share

Rated by 16 people   Experience Prestige Reason  

tvrkiran + 2 Fantastic!
Katrix + 10 + 5 Fantastic!
Manish@786 + 10 + 3 Fantastic!
zamica + 1 Awesome!
orlenok01 + 1 Agreed!
IdelMar + 1 Fantastic!
Alfino11 + 5 Thanks!
chgbhat + 4 Great!
VikuBalupura + 10 + 5 Fantastic!
DJStatikVX + 10 + 3 Great!
hearthekker + 4 Fantastic!
colaus + 5 Great!
candicesu + 10 Awesome!
728292 + 5 Fantastic!
KoHsetGyi + 10 + 3 Fantastic!
Prince26712 + 10 + 5 Awesome!

Experience +98  Prestige +24  View Rating Log

Credits Management

Quick Reply Top Return to the list