. home.aspx



Efail flaws highlight risky implementations of PGP and S/MIME

May 14, 2018 / Michael Helle

The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts say S/MIME may be more at risk than some PGP implementations. Another bungled disclosure has left the infosec community scrambling for answers regarding the branded Efail flaws concerning email encryption processes. The vulnerabilities affect two popular protocols,  PGP and S/MIME, for encrypting email and allow threat actors to reveal the plaintext of encrypted messages. Sebastian Schinzel, professor of computer security at the Münster University of Applied Sciences in Münster, Germany and part of the research team to discover the Efail flaws, tweeted a teaser about the issue at 8:00am Central European Time (2:00am EST). The disclosure was planned for Tuesday May 15th. However just as information leaked out early regarding he Spectre and Meltdown vulnerabilities before disclosure, this teaser proved enough information for the infosec community to find the link ...