EFAIL: which is vulnerable? PGP, S/MIME or your mail client?

What is EFAIL?

EFAIL is a recent attack on PGP and S/MIME email encryption.

EFAIL exploits the remote content loading built into most email clients (for example, images and CSS rules) to obtain (parts of) a previously encrypted email.

In essence, EFAIL takes a previously encrypted email (for which the attacker does not have the private key) and embeds it in a new email in a special way. That email is then sent to the recipient for decryption. The attacker has designed the email so that the decrypted content of the original email becomes embedded in the URL for a remote resource (for example, an image). If the email client is configured to resolve external content automatically (for example, to download images), the content of the email is sent to the remote server as a URL request. If the remote server is under the attacker's control, or if the URL is sent via HTTP, the attacker can read the URL and therefore has access to the plain text content of the original email.

2024-02-17T12:37:32+00:00 | May 31, 2018 | Article, English, Dutch

Will DANE for SMTP solve all of your GDPR problems?

The short answer: probably not. The long answer: keep reading.

What is DANE?

According to Wikipedia:

"DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC)"

In less technical terms, DANE is a protocol which allows you to securely associate a domain name with an X.509 certificate.

2024-09-30T08:35:56+00:00 | May 24, 2018 | Article, English, Dutch

Continuous GDPR compliance

Organisations are very much aware of the deadline of 25 May 2018 to become GDPR compliant. But let us not forget that 25 May is not just the end of the period to become compliant. Even more, it is the start of an era where organisations are to be GDPR compliant continuously.

So, as organisations work to update their privacy statements, improve consent (e.g. opt-in vs opt-out), document records of processing, determine retention schedules and remove old personal data, determine which rights of persons (data subjects) are to be adhered to, and more, they should consider two perspectives:

  1. Manage the complete life cycle of personal data in the organisation
  2. Demonstrate GDPR compliance continuously

2024-02-17T12:40:14+00:00 | May 17, 2018 | Article, English, Dutch

Security and audit in a cloud-native world

A co-creation with my colleague Janot van Wegen, Risk Officer.

Before the cloud era, you had your own IT organization as a reliable gatekeeper to make your company a cyber fortress. With a strong gateway, your data and applications were kept in house and in good hands. Nowadays a Fort Knox stance on cyber security is unrealistic. Applications that are designed to make the best use of the functionality of all aspects of the cloud are distributed and therefore cannot be captured in the traditional Fort Knox paradigm. With the rise of cloud-native computing, expertise in security and compliance is a must for everyone in the chain

2024-02-17T12:41:36+00:00 | May 10, 2018 | Article, English, Dutch

Even though we do everything digitally, voting must be done with paper and pencil.

The Vereniging Nederlandse Gemeenten (VNG, the Association of Netherlands Municipalities) had actually been quite nuanced in its Verkiezingsagenda 2021 (Election Agenda 2021). Yes, unfortunately they are once again putting a study into the possibility of electronic voting on the agenda. And they suggest that blockchain technology can help support the election process. But they also make calls worth taking to heart: for smaller, more manageable ballot papers, for electronic counting of the ballot papers, and for improving the quality of polling station chairs and polling station members.

2024-02-17T06:32:37+00:00 | May 3, 2018 | Article, Dutch