Not all encryption software, tools, and techniques are created equal. While it is true that using some encryption is better than not using any at all, it is always smart to research your solution before you adopt it and while you use it. As a Hacker News article points out, serious flaws have recently been discovered in two popular encryption tools, PGP and S/MIME.
PGP, which stands for Pretty Good Privacy, is an open source end-to-end tool for keeping sensitive emails safe from prying eyes. S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions, is a more robust tool that supports features like digital signatures. Both are popular in areas where transmitting sensitive material might create a problem for the sender (or receiver), and both are used by journalists who want to send field reports back safely.
A team of European security researchers recently discovered a set of vulnerabilities in both tools that allow encrypted messages, including messages sent in the past, to be revealed in plain text. The Electronic Frontier Foundation (EFF) is urging users to uninstall these tools until the flaws can be patched. According to its statement,
"EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages," the organisation said in its blog post.
"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email."
As the last sentence of the EFF statement above suggests, the vulnerabilities appear to be in the way messages are decrypted rather than in the encryption algorithms themselves. Whether this makes the vulnerabilities easier to patch remains to be seen.
The article goes on to tell users to uninstall certain plugins and use an alternative encryption tool or methodology until further updates and patches are available. The plugins are:
- Thunderbird with Enigmail
- Apple Mail with GPGTools
- Outlook with Gpg4win
The bottom line is this: when it comes to encryption, it pays to go for the best available solution and then be diligent in using it. Always be safe in your communications and online transactions, and keep an eye open for reports of vulnerabilities. Complacency is not a good habit when trying to maintain your privacy in the digital age.
Naturally, here at CRIP.TO we believe we offer the best, most secure communications solution available to people, groups, and companies. Our solution has been engineered from the ground up to embody the Libertarian principle of freedom of speech without fear of reprisal. Using our innovative hardware (CRIP.TO Black) and software (CRIP.TO Shield) solution, powered by our unique blockchain-based stack of services, we give you the freedom to communicate fearlessly.
Our PreICO has just launched, so we encourage you to check out both our secure communications solution and the details of our ICO.