email – Page 2 – SSL and internet security news

E-Mail Vulnerabilities and Disclosure

June 4, 2018 infossl

disclosure, eff, email, encryption, patching, pgp, Security technology, vulnerabilities

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client into sending a copy of the plaintext to a web server controlled … Read More “E-Mail Vulnerabilities and Disclosure” »

Details on a New PGP Vulnerability

May 14, 2018 infossl

cryptography, eavesdropping, email, encryption, pgp, Security technology, signal, vulnerabilities, whatsapp

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL … Read More “Details on a New PGP Vulnerability” »

Critical PGP Vulnerability

May 14, 2018 infossl

cryptanalysis, cryptography, email, encryption, pgp, protocols, Security technology, vulnerabilities

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. … Read More “Critical PGP Vulnerability” »

Obscure E-Mail Vulnerability

April 9, 2018 infossl

email, gmail, phishing, Security technology, vulnerabilities

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses — if they’re even valid.) Netflix doesn’t ignore dots, so those are … Read More “Obscure E-Mail Vulnerability” »

E-Mailing Private HTTPS Keys

March 13, 2018 infossl

certificates, email, https, keys, Security technology, securitypolicies, tls

I don’t know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec’s … Read More “E-Mailing Private HTTPS Keys” »

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

November 7, 2017 infossl

cybercrime, email, fraud, maninthemiddleattacks, Security technology

There’s a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company’s or realty agent’s email account, track upcoming home purchases scheduled for settlements — the pricier … Read More “Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments” »

E-Mail Tracking

October 3, 2017 infossl

academicpapers, datacollection, email, privacy, Security technology, surveillance, tracking

Interesting survey paper: on the privacy implications of e-mail tracking: Abstract: We show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% … Read More “E-Mail Tracking” »

Journalists Generally Do Not Use Secure Communication

August 31, 2017 infossl

email, encryption, pgp, privacy, Security technology, signal, whistleblowers

This should come as no surprise: Alas, our findings suggest that secure communications haven’t yet attracted mass adoption among journalists. We looked at 2,515 Washington journalists with permanent credentials to cover Congress, and we found only 2.5 percent of them solicit end-to-end encrypted communication via their Twitter bios. That’s just 62 out of all the … Read More “Journalists Generally Do Not Use Secure Communication” »

Tracing Spam from E-mail Headers

April 21, 2017 infossl

email, Security technology, spam

Interesting article from Brian Krebs. Powered by WPeMatico

The Pro-PGP Position

December 22, 2016 infossl

email, encryption, pgp, Security technology, usability

A few days ago, I blogged an excellent essay by Filippo Valsorda on why he’s giving up on PGP. Neal Walkfield wrote a good rebuttal. I am on Valsorda’s side. I don’t like PGP, and I use it as little as possible. If I want to communicate securely with someone, I use Signal. Powered by … Read More “The Pro-PGP Position” »