Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Discover 2 new vulnerabilities on 2 popular email protocols
European security researchers have discovered a remarkable new vulnerability in the popular email encryption protocol. Through it, an attacker can inject malicious code into email even though the protocol is designed to prevent this behavior. If done correctly, malicious code can be used to steal the contents of the victim's inbox.
This vulnerability affects two of the very popular email protocols, PGP and S / MIME, although the degree of impact depends on the use of the client software's protocol. Quite a lot of email client software is affected, including Apple Mail, Mail application on iOS , Thunderbird and even Outlook. It is worth noting that many current message authentication systems can block this type of attack.
Basically the attack type can be divided into two categories: Direct Exfiltration affects macOS and iOS Mail of Apple and Thunderbird of Mozilla. If the encrypted email using these client software is tampered with, the attacker could exploit the vulnerability to edit the email, adding the malicious HTML code before sending it back to the victim. When the victim opens a new message, the malicious code will send back the plaintext email.
The second form is CBC / CFB Gadget Attack which affects more email client software, including Microsoft Outlook but the level depends. With PGP, every 1 attack will be 1 time but with S / MIME an email can break up to 500 messages.
Many enterprise servers still use S / MIME encryption, so the flaw could cause major concerns.
S / MIME seems to have a lot of trouble and is vulnerable to attack
Open source software GNU Privacy Guard has written 'there are two ways to reduce this attack: don't use HTML email . use authenticated encryption'.
Sebastian Schinzel, professor of computer security at the University of Applied Sciences Münster warns on Twitter that 'there is currently no way to fix vulnerabilities'. He encourages people to disable the above encryption protocols in their email software. The Electronic Frontier Foundation calls these 'temporary' measures before the error is fixed.
See more:
- Outlook may not encrypt your email if you use S / MIME encryption
- 8 best secure email services ensure your privacy
- Microsoft will encrypt email, preventing mail forwarding in Outlook
Micah SotoYou should read it
- What is email encryption? Why does it play an important role in email security?
- How to encrypt email
- Launch Email editor quickly from web browser
- 7 most popular email security protocols today
- How to handle when email automatically sends bulk spam
- Send Email using PHP
- Differentiate POP and IMAP
- How to set up the default email client on Windows 10
May be interested
- Immediately fix critical vulnerabilities in Windows NTLM security protocol
researchers on firewall preempt behavior have discovered two new vulnerabilities in windows ntlm security protocols. let's see what those holes are and how serious it is! - iPhone is stuck with a dangerous security errorif you still have the habit of sending important files on the iphone or ipad email application, you should probably pause this routine when upgrading your apple device to ios 7.
- Differentiate POP and IMAPif you've ever set up an email application, you probably know two terms pop and imap. but do you understand the difference between these two protocols and how the impact of each protocol on your email account?
- Vulnerabilities discovered in many web browsers that allow users to be tracked through installed applicationsinternational security researchers have recently developed a method, or rather, a rather dangerous new vulnerability on many popular web browsers.
- Configure Windows XP SP2 network protection technologies on a computer (Part III)email programs often use the hypertext markup language (html) feature to enhance the beauty and content of emails. however, the use of html caused two vulnerabilities for email.
- 29 ways to end popular English emails and their meaningshere are 29 common email ending ways and the meaning of each way so you can know when to use, when to avoid and how to use it when you're not sure. invite you to consult!
- 7 things you can do with email inbox without you knowingyou may be tempted to stay away from email services because it is no longer as popular as instant messaging and other online media. but email not only has the task of receiving and sending mail, it can also send text messages, download files, update social network status and even control smart technology in the home.
- Google launched a new feature that makes Gmail even more useful and interactivegmail is one of the most popular email platforms in the world, and has long not received many major updates from google. however, with the new update coming soon for gmail, google is trying to turn this platform into the most comprehensive email tool available today.
- This is how hackers attack your Bitcoin wallet onlinefor years, researchers have been warning about serious problems with signaling system 7 (ss7) - a set of phone protocols, but nothing has improved. see how hackers attack bitcoin wallet through ss7 vulnerability!
- The Mail app on iOS has serious vulnerabilitiessecurity researchers at zecops have discovered two serious vulnerabilities that exist on the default mail application pre-installed on millions of iphones and ipads.
Attack the network
- The DHCP vulnerability in Red Hat Linux helps hackers execute remote code
- Malware digs virtual money over antivirus programs, forcing Windows to crash
- Warning: New malicious code is infecting about 500,000 router devices
- The browser is too smart, hackers turn to embed zero-day Flash malicious code into Microsoft Office files
- Warning of new malware appear like Wannacry, capable of deleting Vietnamese percussion on computer
- Warning: Bkav detected more than 700,000 computers in Vietnam infected with virtual money digging virus that slowed down the computer
The DHCP vulnerability in Red Hat Linux helps hackers execute remote code
Malware digs virtual money over antivirus programs, forcing Windows to crash
Warning: New malicious code is infecting about 500,000 router devices
The browser is too smart, hackers turn to embed zero-day Flash malicious code into Microsoft Office files
Warning of new malware appear like Wannacry, capable of deleting Vietnamese percussion on computer
Warning: Bkav detected more than 700,000 computers in Vietnam infected with virtual money digging virus that slowed down the computer