contador web Saltar al contenido

Failure in email encryption exposes messages; see how to protect yourself | Email

A team of researchers has discovered a flaw that exposes emails from users of famous services like Apple Mail, Microsoft Outlook and Mozilla Thunderbird. The vulnerability, which has been called EFAIL (a pun on the words e-mail and fail, "failure" in English), is present in the PGP and S / MIME protocols, the two most used to protect sensitive messages, especially in the business environment.

According to experts, hackers can exploit the loophole to read any message encrypted with these technologies in recent years. The recommendation is to disable the function in applications for PC or Mac and use more secure communication alternatives, such as Signal.

How to sync Outlook.com on my phone without installing apps?

Vulnerability in encryption software could expose emails from users of Outlook, Thunderbird and Apple Mail Photo: Creative Commons / Flickr / elhombredenegroVulnerability in encryption software could expose emails from users of Outlook, Thunderbird and Apple Mail Photo: Creative Commons / Flickr / elhombredenegro

Vulnerability in encryption software could expose emails from users of Outlook, Thunderbird and Apple Mail Photo: Creative Commons / Flickr / elhombredenegro

In a BBC interview, F-Secure security expert Mikko Hypponen said the vulnerability could be used to decrypt a cache file of emails sent in the past, if an attacker has access to that data. Previously, old e-mail files stored on company servers are said to be protected by the PGP or S / MIME protocols.

The failure is due to the exploitation of HTML images contained in emails protected by PGP or S / MIME. The attacker first needs to access encrypted emails by spying on network traffic and gaining access to backups on servers or personal computers. The problem is aggravated by the applicability of the scam to messages collected years ago.

With the discovery of the flaw, the tendency for hackers to launch attacks on servers around the world to get e-mails sent over the past few years. One of the possibilities is the search for secrets for use in extortion schemes. For now, the only way to minimize the problem is to abandon encryption technologies and resort to alternative forms of network security. So, learn in the tutorials below how to disable the service in emails from Apple, Thunderbird and Outlook.

How to disable encryption in Apple Mail

Step 1. First, make sure Mail is closed. Then open the Finder and go to the Go> Go to folder menu.

Open the Finder quick access menu on Mac Photo: Reproduo / Paulo AlvesOpen the Finder quick access menu on Mac Photo: Reproduo / Paulo Alves

Open the Finder quick access menu on Mac Photo: Reproduo / Paulo Alves

Step 2. In the window that opens next, type in the bar "/ Library / Mail / Bundles" (without quotes). Then confirm the action in Go.

Open the path of installed bundles for Mail Foto: Reproduo / Paulo AlvesOpen the path of installed bundles for Mail Foto: Reproduo / Paulo Alves

Open the path of installed bundles for Mail Foto: Reproduo / Paulo Alves

Step 3. In the Bundles folder, find and move the file called GPGMail.mailbundles to the trash.

Move the GPG bundle to the trash Photo: Reproduo / Paulo AlvesMove the GPG bundle to the trash Photo: Reproduo / Paulo Alves

Move the GPG bundle to the trash Photo: Reproduo / Paulo Alves

How to disable encryption in Thunderbird

Step 1. Open Thunderbird and access the add-ons option through the main menu in the three line icon in the upper right corner.

Access the Thunderbird add-ons menu Photo: Reproduo / Paulo AlvesAccess the Thunderbird add-ons menu Photo: Reproduo / Paulo Alves

Access the Thunderbird add-ons menu Photo: Reproduo / Paulo Alves

Step 2. In the list of extensions, disable or remove the Enigmail add-on to prevent the use of the PGP protocol in your messages.

Disable the Enigmail extension Photo: Reproduo / Paulo AlvesDisable the Enigmail extension Photo: Reproduo / Paulo Alves

Disable the Enigmail extension Photo: Reproduo / Paulo Alves

How to disable encryption in Outlook

Step 1. Download the GPG4 installer (files.gpg4win.org/gpg4win-3.1.1.exe) on Windows and start the wizard as if installing the security mechanism for the first time.

Download the security protocol installer Photo: Reproduo / Paulo AlvesDownload the security protocol installer Photo: Reproduo / Paulo Alves

Download the security protocol installer Photo: Reproduo / Paulo Alves

Step 2. In the component selection window, deselect the GpgOL option and leave the rest of the alternatives unchanged. Select Next and finish the installation to remove the PGP protocol previously installed in Outlook.

Uncheck Open GPG to remove the protocol from Outlook Photo: Reproduo / Paulo AlvesUncheck Open GPG to remove the protocol from Outlook Photo: Reproduo / Paulo Alves

Uncheck Open GPG to remove the protocol from Outlook Photo: Reproduo / Paulo Alves

Via Electronic Frontier Foundation and BBC