This is the Shared Security Weekly Blaze for May 21, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!
Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated!
Show Transcript
This is your Shared Security Weekly Blaze for May 21st 2018 with your host, Tom Eston. In this week’s episode: Efail vulnerabilities and PGP encryption, Facebook’s app investigation and Nest password notifications.
The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”. If you like this podcast we would really appreciate you leaving a five star review in iTunes. Reviews really help move us up in the podcast ratings and attract more listeners. We’ll be sure to thank you for your review on the show! Thanks for your support!
Multiple vulnerabilities dubbed “Efail” were announced by European security researchers in several popular email clients that make it possible for attackers to view the plaintext of email messages encrypted with PGP (also known as Pretty Good Privacy) and S/MIME encryption standards. Email, as you’re hopefully aware, is not encrypted by default. This is often referred to as “plaintext” email. PGP and S/MIME have been the standard for email encryption for many years now and is used by many people and businesses to secure email communication. The Efail vulnerabilities allow an attacker to embed previously obtained encrypted text into a new email and also include a web URL of the attackers server. When the email is sent to the victim the email client decrypts the email like normal but inadvertently sends the plaintext of the previously encrypted email to the attackers server. The issue lies in the way vulnerable email clients decrypt encrypted email.
One very important point to make is that PGP and S/MIME encryption is not broken. While it may not be a modern encryption solution, it’s still a viable and secure method to safeguard sensitive emails and other information such as documents and files. This particular issue is about vulnerable email clients, not in the encryption protocol itself. Organizations such as the EFF have advised to disable PGP and S/MIME within your email clients as a temporary solution until a fix for email clients identified as vulnerable are released. You can still encrypt and decrypt emails outside of your email client if you’re already using PGP
Published on 7 years, 7 months ago
If you like Podbriefly.com, please consider donating to support the ongoing development.
Donate