S/MIME

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register article)

2018/05/14: Article describing the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

Efail: What A Disclosure FAIL That Was! (RBS article)

2018/05/16: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more

A unified timeline of Efail PGP disclosure events

2018/05/16: Timeline of the Efail vulnerabilities disclosures to PGP vendors and usersRead more

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

EFAIL Usenix paper, released (in a draft version) on may 14, 2018 due to embargo break. It describes the EFAIL attacks (technique: malleability gadgets) to reveal plaintext of emails encrypted with S/MIME and OpenPGP.Read more

Email Is Dangerous (The Atlantic article)

2018/05/21: Article on who is concerned by the EFAIL vulnerabilities and why email, in general, isn't securedRead more

EFAIL bundle

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)
PGP und S/MIME abschalten (Golem article)
Major eFail Vulnerability Exposes PGP Encrypted Email -- UPDATED (Forbes article)
Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)
Efail or OpenPGP is safer than S/MIME (W. Koch email)
#EFail - the security industry and the importance of nuance (HackDefense article)
Encrypted Email Has a Major, Divisive Flaw (Wired article)
S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register article)
PGP und S/MIME: E-Mail-Verschlüsselung akut angreifbar (Heise Security article)
No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)
A unified timeline of Efail PGP disclosure events
Efail: What A Disclosure FAIL That Was! (RBS article)
Statement on Efail research (Gpg4win)
Email Is Dangerous (The Atlantic article)
efail: Outdated Crypto Standards are to blame (Hanno's blog)
Die wichtigsten Fakten zu Efail (Golem article)
What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)
How To Turn PGP Back On As Safely As Possible (EFF article)
HTML MAils have no Security Concept and are to blame (Hanno's blog)
Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)
Encryption? This time it'll be usable, Thunderbird promises (The Register article)
Sebastian Schinzel Tweet about EFAIL vunlerability
No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)

2018/05/15: Article going through why PGP isn't "broken" even though vulnerabilities have been found in it. 

Reaction to this article available here : https://cva.unifr.ch/content/no...Read more

What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)

2018/05/24: Article on EFAIL vulnerability, email vulnerabilities and the patching of those vulnerabilities. It questions the safety of emails in generalRead more

Encrypted Email Has a Major, Divisive Flaw (Wired article)

2018/05/14: Article on the story of the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register Comments section)

2018/05/14: Comments section under the article of The Register "S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats"Read more

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more

efail: Outdated Crypto Standards are to blame (Hanno's blog)

2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME,Read more

Subscribe to S/MIME
Need help with PECE?
Join the PECE Slack channel