OpenPGP, S/MIME, EFAIL: what’s going on?

 

On 14 May 2018, Sebastian Schinzel, professor of computer security at the University of Münster in Germany, published a tweet to warn of the discovery of a new security vulnerability concerning OpenPGP and S/MIME e-mail encryption tools. Following this announcement, management at GNU Privacy Guard software said the vulnerabilities were at the implementation level in e-mail clients.

Both vulnerabilities, Direct Exfiltration and CBC/CFB Gadget Attack, could allow an attacker to exfiltrate sensitive data from encrypted emails.

 

 

With Stormshield solutions, you can rest assured


Our Stormshield Network Security and Stormshield Endpoint Security solutions do not use OpenPGP or S/MIME encryption tools.

Regarding our Stormshield Data Security solution, our decryption implementation allows us to not be impacted by these vulnerabilities. Within SDS Enterprise, our mail add-in, Stormshield Data Mail for Outlook, uses a special mechanism to decrypt S/MIME and OpenPGP encryption tools, and is therefore not vulnerable to direct exfiltration or CBC/CFB Gadget Attacks.

DSSI

A DSSI, Distribuidor de Valor Acrescentado, proporciona uma vasta gama de produtos e soluções para os seus Parceiros de negócio complementando sempre que necessário Serviços de Apoio à Pre-Venda, Implementação e Suporte.

Contactos

 Zoom Business Park | Edifício E, Piso 1, Escritório 3 | Estrada de Paço de Arcos

2735-307 Agualva-Cacém

 21 805 15 60

 info@dssi.pt

 

Saiba mais »