EFAIL: detection and prevention

In our previous blog posting we discussed the EFAIL "Generic exfiltration" attack on S/MIME and suggested how such an attack may be detected.

Even though the CipherMail gateway is not directly vulnerable to EFAIL (see EFAIL: which is vulnerable? PGP, S/MIME or your mail client? for more details), if your email client is configured to automatically download external resources, your email client may leak your decrypted email.

The main issue with the EFAIL "Generic exfiltration" attack is that an encrypted message can be modified by an attacker without being detected. This is a general S/MIME problem and can only be solved by fixing the S/MIME standards.

2024-09-30T07:42:09+00:00 | June 28, 2018 | Article, English, Dutch

EFAIL: how to detect you are being attacked?

In an earlier blog, we discussed some implications of the newly found EFAIL attack on PGP and S/MIME. We concluded that CipherMail gateway was not directly vulnerable because the gateway does not load remote content from the email. The email only gets decrypted, validated and then forwarded.

The EFAIL paper describes two types of attack: the "Direct exfiltration" attack and the "Generic exfiltration" attack.

2024-08-26T14:16:10+00:00 | June 14, 2018 | Article, English, Dutch

EFAIL: which is vulnerable? PGP, S/MIME or your mail client?

What is EFAIL?

EFAIL is a recent attack on PGP and S/MIME email encryption (EFAIL).

EFAIL exploits the remote content resolving built into most email clients (for example images and CSS rules) to obtain (parts of) a previously encrypted email.

In essence, EFAIL takes a previously encrypted email (for which the attacker does not have the private key) and embeds it into a new email in a special way. The email is then sent to the recipient for decryption. The attacker, however, has designed the email so that the decrypted content of the original email gets embedded into the URL of a remote resource (for example an image). If the email client is configured to automatically resolve external content (for example download images), the content of the email is sent to the remote server as a URL request. If the remote server is under the attacker's control, or if the URL is sent via HTTP, the attacker can access the URL and therefore has access to the plain text content of the original email.

2024-02-17T12:37:32+00:00 | May 31, 2018 | Article, English, Dutch

Will DANE for SMTP solve all of your GDPR problems?

The short answer: probably not. The long answer: keep reading.

What is DANE?

According to Wikipedia:

"DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC)"

In less technical terms, DANE is a protocol which allows you to securely associate a domain name with an X.509 certificate.

2024-09-30T08:35:56+00:00 | May 24, 2018 | Article, English, Dutch

Encrypted email and archiving requirements

Even though we believe that email encryption at the gateway level is the easiest way to encrypt your email, in certain situations desktop-to-desktop encryption (using Outlook, for example) might still be preferred. For example, the email infrastructure might be completely outsourced, and regulatory requirements might demand that the external company have no access to the contents of sensitive emails.

2024-08-26T14:51:18+00:00 | February 7, 2017 | Article, English, Dutch

What does it take for Johnny to start encrypting his email?

Email is here to stay. Despite the growing popularity of applications like WhatsApp, email is still considered to be the most important communication tool for online workers [1] and is likely to grow in importance over the next five years [2]. A problem with email, however, is that it was designed at a time when Internet security was nonexistent. Email can be easily forged and intercepted. Growing economic espionage is becoming more and more of a problem for companies worldwide. The FBI estimates that economic espionage "costs the American economy hundreds of billions of dollars per year" [3]. New laws, like the European "General Data Protection Regulation", require companies to protect all personal data. Non-compliance can lead to "a fine up to 100 000 000 EUR or up to 5% of the annual worldwide turnover in case of an enterprise, whichever is greater".

2024-02-17T06:32:34+00:00 | July 14, 2016 | Article, English, Dutch

Why doesn't Jan encrypt his email?

Although people have been claiming for years that email has had its day, email is still very much alive. Email is used for all sorts of things and often contains privacy-sensitive information or other information that requires a certain degree of security. Solutions for encrypting email have existed for years. The question, then, is why they are so rarely applied.

2024-02-17T06:32:32+00:00 | October 14, 2014 | Article, Dutch