What "Efail" Tells Us About Email Vulnerabilities and Disclosure (Schneir on Security, screenshot)

Image

Format

png

License

Creative Commons Licence

Creator(s)

Contributors

Created date

December 3, 2019

Critical Commentary

2018/5/24 - 10 days after the public disclosure of EFAIL, Bruce Schneir commented the disclsosure process. This is a long, in-depth and worthwhile article about the general process of vulnerability disclosure and email security in general. Link to the full version.

Expect more of these kinds of problems in the future. The internet is shifting from a set of systems we deliberately use—our phones and computers—to a fully immersive internet-of-things world that we live in 24/7. And like this email vulnerability, vulnerabilities will emerge through the interactions of different systems. Sometimes it will be obvious who should fix the problem. Sometimes it won't be. Sometimes it'll be two secure systems that, when they interact in a particular way, cause an insecurity.

Group Audience