DOCSLIB.ORG

EFAIL New Attacks and State of Mitigation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EFAIL New Attacks and State of Mitigation 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) EFAIL New attacks and state of mitigation Jörg Schwenk Joint work with: Sebastian Schinzel, Juraj Somorovsky, Damian Poddebniak, Marcus Brinkmann, Jens Müller, Christian Dresen, Fabian Ising, Simon Friedberger, Hanno Böck 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1 Reporters without borders 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 2 2 Policy statement „Wir wollen einfache und sichere Lösungen für die elektronische Identifizierung und Ende-zu-Ende- Verschlüsselung für jedermann verfügbar machen und es den Bürgerinnen und Bürgern ermöglichen, verschlüsselt […] zu kommunizieren (PGP/SMIME).“ 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3 3 The EFAIL attack • EFAIL is a crypto attack! • But the press sometimes likes it simple… 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 4 The EFAIL attack 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 5 The EFAIL attacks! Malleability Direct Gadgets Exfiltration Theoretically(2018) (2018) Fixed! SignatureNot relevant Reply Spoofing Attacks (2019) here! (2019) 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 6 Overview 1. E-Mail, OpenPGP, S/MIME 2. EFAIL Direct Exfiltration 3. Implemented Mitigations 4. Reply-Attacks 5. New: Decryption Contexts 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 7 7 What is electronic mail? • Really old stuff dating back to 1971/1982 • A whole bunch of RFCs: RFC 822, RFC 2822, RFC 5322, RFC 2045, RFC 2046, RFC 2047, RFC 2231, RFC 5321, RFC 3501, RFC 4551, RFC 1939, RFC 2595, RFC 3501, etc. pp. • Mail protocols: POP, IMAP, SMTP • Encryption: OpenPGP and S/MIME 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 8 8 Traditional email (RFC 822) From: [email protected] To: [email protected] Subject: Traditional mail *** This is oldschool *** 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 9 9 MIME email (RFC 2045ff) From: [email protected] To: [email protected] Subject: MIME mail MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="BOUNDARY" --BOUNDARY Content-Type: text/html <html><body><b>Hi there!</b></body></html> --BOUNDARY-- 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1010 Two competing mail encryption standards OpenPGP (RFC 4880) • First “encryption for the masses” • Favored by privacy advocates • Web-of-Trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1111 What to attack today? • We won’t break the crypto (RSA, AES) • We won’t touch the crypto (BEAST, EFAIL MG) • Practical attacks based on implementations of the MIME `standard’ in combination with encrypted content • Missing security considerations in the RFCs 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1212 Overview 1. E-Mail, OpenPGP, S/MIME 2. EFAIL Direct Exfiltration 3. Implemented Mitigations 4. Reply-Attacks 5. New: Decryption Contexts 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1313 Attacker model • Attacker obtained ciphertext as MitM or by actively hacking the mail gateway or server • Goal: wrap ciphertext into HTML mail, resend and make victim leak the decrypted message 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1414 How to make E-Mail interactive • JavaScript: XSS cheat sheets (JS URI, events) • HTML/CSS: <link>, <meta>, <base href=…>, URI attributes and schemes (ftp://, etc.) • Attachment previews: PDF, SVG, VCF, etc. • E-Mail header: MDN, X-Face, X-PGP, etc. • Certificate verification: OCSP, CRL, PGP PKI 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1515 Examples 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1616 Evaluation 2018 Outlook Postbox Live Mail The Bat! eM Client W8Mail Windows IBM Notes Foxmail Pegasus Mulberry WLMail W10Mail Thunderbird KMail Claws Linux Evolution Trojitá Mutt Mail App Airmail MailMate macOS Spammers win! Mail App CanaryMail Outlook iOS but they’re fine with K-9 Mail MailDroid<img src="…"> Android R2Mail Nine GMail Yahoo! GMX Mail.ru ProtonMail Mailbox Webmail Outlook.com iCloud HushMail FastMail Mailfence ZoHo Mail Roundcube Horde IMP Exchange GroupWise Webapp RainLoop AfterLogic Mailpile good leak by default leak/bypass XSS SSRF 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1717 Direct exfiltration • This attack was possible since 2003 in Thunderbird • Independent of the applied encryption scheme • Somewhat fixable in implementation • But worked directly in … – Apple Mail / Mail App – Thunderbird – Postbox – … • The standards do not give any definition for that! 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 1919 Mixing two worlds The email world The crypto world From: [email protected] -----BEGIN/usr/bin/gnupg PGP MESSAGE----- --decrypt To: [email protected] ... Subject: Spy vs. Spy -----END PGP MESSAGE----- Content-Type: text/html How're you doing? <img src="https://nsa.gov/x.gif"> Secret Meeting Tomorrow 9pm What could possible go wrong? → https://nsa.gov/Secret%20MeetingTomorrow%209pm 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 2020 Overview 1. E-Mail, OpenPGP, S/MIME 2. EFAIL Direct Exfiltration 3. Implemented Mitigations 4. Reply-Attacks 5. New: Decryption Contexts 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 2727 Countermeasures EFAIL 2018: Malleability Gadgets • OpenPGP – Implementation • GnuPG made MDC checksums mandatory in Version 2.2.8 • major interoperability and backwards compatibility problems • Users can switch off this mitigation – Specification: New cipher modes • S/MIME – Implementation: None – Specification: AES-GCM mandatory (S/MIME 4.0) 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 2828 Countermeasures EFAIL 2018: Direct Exfiltration • OpenPGP – Implementation • Apple Mail/GPG Suite: sandboxed iFrames, block remote content, reply only with first ciphertext • Thunderbird/Enigmail: Sanitize HTML (broken), decrypt only MIME level 0, open different parts in different windows – Specification: ??? • S/MIME – Implementation: • Apple Mail: Block remote images, show warning • Thunderbird: Sanitize HTML (broken), decrypt only MIME level 0 (breaks S/MIME interoperability, e.g. with GMail) – Specification: "Please separate HTML context" 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 2929 Secure E-Mail still is in bad shape 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3030 Overview 1. E-Mail, OpenPGP, S/MIME 2. EFAIL Direct Exfiltration 3. Implemented Mitigations 4. Reply-Attacks 5. New: Decryption Contexts 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3131 Social engineering • Would you – …reply to unsubscribe? – …click here to unsubscribe? – …click here to complete registration? – …click into “text” area, fake scrollbars, fake Enigmail message, or attachment? – Answer an urgent email from your colleague/boss? 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3232 Reply-Attack without HTML (ACNS 2019) From: Alice <[email protected]> From: Bob <[email protected]> To: Bob <[email protected]> To: Alice <[email protected]> Subject: URGENT: Time for a meeting? Subject: Re: URGENT: Time for a meeting? Content-type: multipart/mixed; Content-type: multipart/mixed; boundary="BOUNDARY2" boundary="BOUNDARY" --BOUNDARY2 --BOUNDARY Content-type: text/plain Content-type: text/plain Sorry, today I'm busy!!! Bob Do you have time for a meeting today at 2 p.m.? It's --BOUNDARY2 urgent! Content-type: text/plain Alice <CRLF> Do you have time for a meeting today at 2 p.m.? It's <CRLF> urgent! <CRLF> Alice ... <CRLF> <CRLF> <CRLF> --BOUNDARY <CRLF> Content-type: application/pkcs7-mime; smime- ... type=enveloped-data <CRLF> Content-Transfer-Encoding: base64 --BOUNDARY2 Content-type: text/plain MIAGCSqGSIb3DQEHA6CAMIACAQAxggHXMIIB0wI B... Secret meeting --BOUNDARY-- Tomorrow 9pm --BOUNDARY-- 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3333 Overview 1. E-Mail, OpenPGP, S/MIME 2. EFAIL Direct Exfiltration 3. Implemented Mitigations 4. Reply-Attacks 5. New: Decryption Contexts 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3434 Decryption Contexts (In submission) • Idea: Make decryption context-aware • Implementation: – Extract structure of email and code it as a string – Feed string 1. into AEAD as additional data 2. into new KDF as seed 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3535 Decryption Contexts (In submission) Original E-Mail Decryption Context From: Alice <[email protected]> from:Alice <[email protected]><CRLF> To: Bob <[email protected]> to:Bob <[email protected]><CRLF> subject:Confidential<CRLF> Subject: Confidential mimelevel=0<CRLF> Content-type: application/pkcs7- mime; smime-type=enveloped- data; Decryption-context: {{h=from:reply- to:to:subject}{mimelevel}} Content-Transfer-Encoding: base64 Decryption Context Policy MIAGCSqGSIb3DQEHA6CAMIAC AQAxggHXMIIB0wIB... 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 3636 Questions? 16. Deutscher IT-Sicherheitskongress (21. - 23. Mai 2019) 37.
Load more

Recommended publications
  • Mesačný Prehľad Kritických Zraniteľností Máj 2018
    Mesačný prehľad kritických zraniteľností Mesačný prehľad kritických zraniteľností Máj 2018 1. Operačné systémy Microsoft Windows V máji spoločnosť Microsoft opravila 4 kritické zraniteľnosti operačného systému Microsoft Windows. Zraniteľnosti CVE-2018-0959 a CVE-2018-0961 môžu spôsobiť vykonanie škodlivého kódu na diaľku. Prvá z nich je spôsobená nesprávnym overovaním vstupu Windows Hyper-V na serveri od autentifikovaného používateľa na hostiteľskom operačnom systéme. Druhá sa týka overovania paketových dát v SMB protokole systému Windows Hyper-V. Na zneužitie týchto zraniteľností musí útočník spustiť špeciálne vytvorenú aplikáciu, ktorá umožní zneužitie týchto zraniteľností. Úspešný útočník následne môže vykonať ľubovoľný kód pomocou Windows Hyper-V. Našli sa aj zraniteľnosti CVE-2018-8120 a CVE-2018-8174 taktiež umožňujúce vzdialené vykonávanie kódu či zvýšenie privilégií, ktoré sú bližšie popísané aj v našom varovaní. Zraniteľné systémy: Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems. Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows
    [Show full text]
  • Business SITUS Address Taxes Owed # 11828201655 PROPERTY HOLDING SERV TRUST 828 WABASH AV CHARLOTTE NC 28208 24.37 1 ROCK INVESTMENTS LLC
    Business SITUS Address Taxes Owed # 11828201655 PROPERTY HOLDING SERV TRUST 828 WABASH AV CHARLOTTE NC 28208 24.37 1 ROCK INVESTMENTS LLC . 1101 BANNISTER PL CHARLOTTE NC 28213 510.98 1 STOP MAIL SHOP 8206 PROVIDENCE RD CHARLOTTE NC 28277 86.92 1021 ALLEN LLC . 1021 ALLEN ST CHARLOTTE NC 28205 419.39 1060 CREATIVE INC 801 CLANTON RD CHARLOTTE NC 28217 347.12 112 AUTO ELECTRIC 210 DELBURG ST DAVIDSON NC 28036 45.32 1209 FONTANA AVE LLC . FONTANA AV CHARLOTTE 22.01 1213 W MOREHEAD STREET GP LLC . 1207 W MOREHEAD ST CHARLOTTE NC 28208 2896.87 1213 W MOREHEAD STREET GP LLC . 1201 W MOREHEAD ST CHARLOTTE NC 28208 6942.12 1233 MOREHEAD LLC . 630 402 CALVERT ST CHARLOTTE NC 28208 1753.48 1431 E INDEPENDENCE BLVD LLC . 1431 E INDEPENDENCE BV CHARLOTTE NC 28205 1352.65 160 DEVELOPMENT GROUP LLC . HUNTING BIRDS LN MECKLENBURG 444.12 160 DEVELOPMENT GROUP LLC . STEELE CREEK RD MECKLENBURG 2229.49 1787 JAMESTON DR LLC . 1787 JAMESTON DR CHARLOTTE NC 28209 3494.88 1801 COMMONWEALTH LLC . 1801 COMMONWEALTH AV CHARLOTTE NC 28205 9819.32 1961 RUNNYMEDE LLC . 5419 BEAM LAKE DR UNINCORPORATED 958.87 1ST METROPOLITAN MORTGAGE SUITE 333 3420 TORINGDON WY CHARLOTTE NC 28277 15.31 2 THE MAX SALON 10223 E UNIVERSITY CITY BV CHARLOTTE NC 28262 269.96 201 SOUTH TRYON OWNER LLC 201 S TRYON ST CHARLOTTE NC 28202 396.11 201 SOUTH TRYON OWNER LLC 237 S TRYON ST CHARLOTTE NC 28202 49.80 2010 TRYON REAL ESTATE LLC . 2010 S TRYON ST CHARLOTTE NC 28203 3491.48 208 WONDERWOOD TREE PRESERVATION HO .
    [Show full text]
  • Znetlive SSL Compatible Applications, Platforms & Operating
    ZNetLive SSL Compatible Applications, Platforms & Operating Systems Certificate Authority Root Apple MAC OS 9.0+ (circa 2002), includes 10.5.X and 10.6.X Future proof at 2048 bit, embedded in all Microsoft Windows XP, Vista, 7 and 8 (all devices and browsers and capable of upgrading versions inc 32/64 bit) weak encryption to a strong one is the most reliable Certificate Authority Root-GlobalSign. It is very important to ensure a flawless interaction of your online solutions with Default API Support within Hosting Control customers making connection with your web Panels server, reading emails, trusting your e- Ubersmith documents or running your code. Every WHMCS standard machine that uses trust of Public Key Infrastructure (PKI), e.g. S/MIME, SSL/TLS, Document Signing and Code Signing, has GlobalSign’s Root Certification present in it. Email Clients (S/MIME) ZNetLive’s SSL Certificates authenticated by GlobalSign have 2048 bit strength throughout Mulberry Mail complete Digital Certificate portfolio and Microsoft Outlook 99+ comply with recommendations of National Microsoft Entourage (OS/X) Institute of Standards and Technology (NIST) Qualcomm Eudora 6.2+ according to which all cryptographic keys Mozilla Thunderbird 1.0+ should be 2048 bit strength from 2011 onwards. Mail.app Anything weaker than 2048 bit encryption is Lotus Notes (6+) considered insecure. Because of this, the Netscape Communicator 4.51+ Certification Authorities and Browsers insists The Bat that all the EV SSL Certificates should be 2048 Apple Mail bit encryption.
    [Show full text]
  • Downloadable Email Program for My Pc 32 Best Free Email Clients
    downloadable email program for my pc 32 Best Free Email Clients. Here are 32 best free email client software . These let you manage and access all of your email accounts in one single place easily. All these email client software are completely free and can be downloaded to Windows PC. These free software offer various features, like: can be used with IMAP, SMTP, POP3 and Gmail, keeps your emails safe and secure, lets you open various emails simultaneously, provide protection from spam, lets you view your emails offline, manage and access all of your email accounts in one single place, supports PH, LDAP, IMAP4, POP3 and SMPT mail protocols etc. So, go through this list of free email client software and see which ones you like the most. Thunderbird. Thunderbird is a free and handy email client software for your computer. It can be used with IMAP, SMTP, POP3 and Gmail. It will also work with email accounts provided by MS Exchange Server. The user interface of Thunderbird is tabbed. It lets you open various emails simultaneously. Thunderbird keeps your emails safe and secure. It also has special filters for filtering the mail. Windows Live Mail. Windows Live Mail is a free email client for your computer. It works with various email accounts. It lets you access Yahoo, Gmail, Hotmail and emails from different servers which supports POP3 and SMTP. Its security features are excellent it will also provide protection from spam. You can also view your emails offline in this freeware. Zimbra Desktop. Zimbra Desktop is a free email client.
    [Show full text]
  • PGP) and GNU Privacy Guard (GPG): Just Enough Training to Make You Dangerous
    Pre$y Good Privacy (PGP) And GNU Privacy Guard (GPG): Just Enough Training to Make You Dangerous Joe St Sauver, Ph.D. M3AAWG Senior Technical Advisor Scien<st Farsight Security, Inc. M3AAWG 36, San Francisco, California Monday, Feb 15th, 2016, 12:30-14:30 hLps://www.stsauver.com/joe/pgp-tutorial-sfo/ 0. IntroducDon Obligatory Screen: Eligibility For Strong EncrypDon • This is not legal advice (for that, please contact your aorney), however please note that some people are NOT ALLOWED to use strong encryp<on under prevailing laws. • By connuing with this training, you cerDfy that you are NOT: -- a ci<zen, naonal, or resident of a country barred from access to strong encryp<on by the U.S. or other countries, including but not limited to persons from the Crimea region of the Ukraine, Cuba, Iran, North Korea, Sudan, or Syria; -- nor are you a "Specially Designated Naonal" (see hp://www.treasury.gov/resource-center/sanc<ons/SDN-List/ Pages/default.aspx ), nor a person (or representave of a company) that is subject to any other US or other sanc<ons program or restric<on. • If you are subject to any such prohibi<on or restric<on, you must NOT par<cipate in today's encryp<on training. 3 Disclaimer • While all due care was used in preparing the content of this training, we cannot ensure that you will not inadvertently make a mistake, or encounter a vulnerability while using PGP/GPG. • Given that you cannot "unring the bell once it has been rung," and given that some poten<al "losses of confiden<ality" may have grave or even catastrophic consequences, please remember that: -- you should not use PGP/GPG for "life/safety-cri<cal" purposes -- today's training is provided on a "best efforts," as-is, where-is basis, with all evident and/or latent faults/flaws -- should you decide to use and rely on PGP/GPG, the decision to do so is your own and at your own risk; we disclaim all responsibility for any impacts associated with the use, misuse, or abuse of PGP/GPG by anyone here today or using this talk.
    [Show full text]
  • Reference Guide
    Reference Guide Mulberry Internet Email and Calendar Client Version 4.0 Cyrus Daboo mailto:[email protected] Pittsburgh PA http://www.mulberrymail.com USA 2Information in this document is subject to change without notice. You are free to use this document in any way you wish provided full attribution of the original author is given. Document Revision 405.000 © 2006 Cyrus Daboo. All Rights Reserved. Pittsburgh PA USA Mulberry is a registered trademark. All other companies and product names are trademarks or registered trademarks of their respective holders. Contents 1. INTRODUCTION................................................................................. 15 2. GETTING STARTED............................................................................ 16 2.1 SYSTEM REQUIREMENTS .......................................................................................................... 16 2.2 INSTALLING MULBERRY........................................................................................................... 17 2.3 GETTING HELP......................................................................................................................... 18 2.4 STARTING MULBERRY .............................................................................................................. 18 2.5 DRAG AND DROP ...................................................................................................................... 20 2.6 CONTEXTUAL MENUS.............................................................................................................
    [Show full text]
  • Comodo SSL Certificates
    Comodo SSL Certificates Powerful, cost-effective security for e-commerce websites Why Comodo SSL? Comodo SSL certificates are the quickest way for 99.3% of the Internet population and maximizing online businesses to protect customer transactions the reach of your business. • Issued online in minutes – with SSL security. Featuring fast online issuance, automated validation means the strongest possible levels of encryption, Build Customer Trust and Increase no paperwork, no faxes, no Website Sales delay dedicated customer support and a huge $250K warranty, Comodo SSL lets you create a highly • Highest levels of SSL security In today’s highly competitive secure e-business environment within minutes. – 2048 bit digital signatures e-commerce world, building a and up to 256 bit encryption sense of trust and security in the as standard Highest Available Encryption Strength minds of your website visitors • 99.3% browser recognition 2048 bit signatures and up to 256 encryption is key to converting them to maximizes your potential means Comodo SSL certificates offer the highest customers. Comodo’s high impact site seal does just customer base possible levels of security for your customers. that by instantly reassuring your visitors that your • Highly visible site seal builds The key length complies with the National site is protected with SSL security from one of the trust and aids customer Institute of Standards and Technology (NIST) most recognized brands in Internet security. Each conversion recommendations. seal also features unique ‘point-to-verify’ technology • Peace of mind with our 30 which shows real-time verification of your website’s day refund policies Speed of Issuance & Validation Levels security whenever a visitor hovers their mouse • Licensed for unlimited cursor over the seal.
    [Show full text]
  • Efail: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels
    Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak and Christian Dresen, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Fabian Ising and Sebastian Schinzel, Münster University of Applied Sciences; Simon Friedberger, NXP Semiconductors, Belgium; Juraj Somorovsky and Jörg Schwenk, Ruhr University Bochum https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-931971-46-1 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak1, Christian Dresen1, Jens Muller¨ 2, Fabian Ising1, Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, and Jorg¨ Schwenk2 1Munster¨ University of Applied Sciences 2Ruhr University Bochum 3NXP Semiconductors, Belgium Abstract is designed to protect user data in such scenarios. With end-to-end encryption, the email infrastructure becomes OpenPGP and S/MIME are the two prime standards merely a transportation service for opaque email data and for providing end-to-end security for emails. We de- no compromise – aside from the endpoints of sender or scribe novel attacks built upon a technique we call mal- receiver – should affect the security of an end-to-end en- leability gadgets to reveal the plaintext of encrypted crypted email. emails. We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails. These snippets S/MIME and OpenPGP. The two most prominent stan- abuse existing and standard conforming backchannels to dards offering end-to-end encryption for email, S/MIME exfiltrate the full plaintext after decryption.
    [Show full text]
  • Review, Email Clients with Source Code Editing
    Review, Email Clients with Source Code Editing By Micheline Johnson Updated 2013-12-05 Why is source code editing desirable? It enables the addition of variable indenting and hanging indents, tables, images, charts, videos etc. the replacement of <p> tags with <div> tags, if para spacing is not required. Wikipedia lists most email clients. Of these, the free Windows or cross-platform GUI email clients are included in the Appendix. Of these, the current mainstream desktop GUI email clients include: 1. Outlook, overkill for most purposes, and is not free. 2. Outlook Express, not available for Windows 7 3. Windows Live Mail 4. Mozilla Thunderbird, does not natively support HTML editing or tables. 5. Eudora v7.1, runs on Microsoft Windows XP/2000 (http://www.eudora.com/download/). It has problems with Windows 7, see http://mcaf.ee/cxsw8 . It runs on Windows XP, and does not appear to support editing HTML source code, or tables. 6. Eureka Email. It is very difficult to uninstall, see http://mcaf.ee/1q0ka , so I did not test it. 7. Pegasus Mail. Pegasus v4.63 allows the insertion of a table and the editing of the number of rows or columns of that table; but it does not support editing of HTML source code. It supports hanging indents to increments of one tab spacing, which is very crude. 8. DreamMail 9. FoxMail 10. SeaMonkey. http://www.seamonkey-project.org/. Allows inserting of tables. Appears to allow insertion of HTML code, but does not allow viewing of the entire HTML source code. 11. Netscape Messenger used to have an HTML editor.
    [Show full text]
  • Efail: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels
    Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak and Christian Dresen, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Fabian Ising and Sebastian Schinzel, Münster University of Applied Sciences; Simon Friedberger, NXP Semiconductors, Belgium; Juraj Somorovsky and Jörg Schwenk, Ruhr University Bochum https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-939133-04-5 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak1, Christian Dresen1, Jens Muller¨ 2, Fabian Ising1, Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, and Jorg¨ Schwenk2 1Munster¨ University of Applied Sciences 2Ruhr University Bochum 3NXP Semiconductors, Belgium Abstract is designed to protect user data in such scenarios. With end-to-end encryption, the email infrastructure becomes OpenPGP and S/MIME are the two prime standards merely a transportation service for opaque email data and for providing end-to-end security for emails. We de- no compromise – aside from the endpoints of sender or scribe novel attacks built upon a technique we call mal- receiver – should affect the security of an end-to-end en- leability gadgets to reveal the plaintext of encrypted crypted email. emails. We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails. These snippets S/MIME and OpenPGP. The two most prominent stan- abuse existing and standard conforming backchannels to dards offering end-to-end encryption for email, S/MIME exfiltrate the full plaintext after decryption.
    [Show full text]
  • Chinatown Little Italy Hd Nrn Final
    NPS Form 10-900 OMB No. 10024-0018 (Oct. 1990) United States Department of the Interior National Park Service National Register of Historic Places Registration Form This form is for use in nominating or requesting determinations for individual properties and districts. See instructions in How to Complete the National Register of Historic Places Registration Form (National Register Bulletin 16A). Complete each item by marking “x” in the appropriate box or by entering the information requested. If an item does not apply to the property being documented, enter “N/A” for “not applicable.” For functions, architectural classification, materials, and areas of significance, enter only categories and subcategories from the instructions. Place additional entries and narrative items on continuation sheets (NPS Form 10-900a). Use a typewriter, word processor, or computer to complete all items. 1. Name of Property historic name Chinatown and Little Italy Historic District other names/site number 2. Location Roughly bounded by Baxter St., Centre St., Cleveland Pl. & Lafayette St. to the west; Jersey St. & street & number East Houston to the north; Elizabeth St. to the east; & Worth Street to the south. [ ] not for publication (see Bldg. List in Section 7 for specific addresses) city or town New York [ ] vicinity state New York code NY county New York code 061 zip code 10012 & 10013 3. State/Federal Agency Certification As the designated authority under the National Historic Preservation Act, as amended, I hereby certify that this [X] nomination [ ] request for determination of eligibility meets the documentation standards for registering properties in the National Register of Historic Places and meets the procedural and professional requirements as set forth in 36 CFR Part 60.
    [Show full text]
  • Distributor Settlement Agreement
    DISTRIBUTOR SETTLEMENT AGREEMENT Table of Contents Page I. Definitions............................................................................................................................1 II. Participation by States and Condition to Preliminary Agreement .....................................13 III. Injunctive Relief .................................................................................................................13 IV. Settlement Payments ..........................................................................................................13 V. Allocation and Use of Settlement Payments ......................................................................28 VI. Enforcement .......................................................................................................................34 VII. Participation by Subdivisions ............................................................................................40 VIII. Condition to Effectiveness of Agreement and Filing of Consent Judgment .....................42 IX. Additional Restitution ........................................................................................................44 X. Plaintiffs’ Attorneys’ Fees and Costs ................................................................................44 XI. Release ...............................................................................................................................44 XII. Later Litigating Subdivisions .............................................................................................49
    [Show full text]