Keith Lee, the founder of LawyerSmack, an online legal community, says: "The most [lawyers] are doing is using GSuite or some equivalent and relying on that in transit encryption, but are rarely (if ever) actually encrypting the text/content of emails". Unfortunately, guarding messages from an attacker with full access to your data is one of the primary use cases for both encryption formats.
The Electronic Frontier Foundation (EFF) advises users to immediately disable all email tools that automatically decrypt PGP.
A professor of computer science has warned users of Pretty Good Privacy (PGP) that the encryption program has vulnerabilities and should be immediately disabled.
A group of European security researchers have discovered vulnerabilities that could be exploited to "reveal the plaintext of encrypted emails", including those sent in the distant past, CSO reported. "The emails could even have been collected years ago", the researchers said.
Full details of the PGP and S/MIME flaws were due to be released on Tuesday; the researchers appear to have negotiated a coordinated vulnerability announcement with makers of vulnerable software.
"The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc", the researchers - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk - wrote. Thunderbird, Apple Mail, and Outlook are the three major email clients whose users need to be wary of the exploit, as they use PGP encryption. The Foundation, which has been in communication with the researchers, has advised users to "temporarily stop sending and especially reading PGP-encrypted email".
The Efail report lists additional steps users can take to reduce the likelihood of falling prey to encryption attacks - namely, decrypting S/MIME and PGP outside email clients in a separate application and disabling HTML rendering altogether.
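The point of disabling HTML rendering is that none of a message's active content gets fetched. The following Python is an added example, not code from the Efail report or from any mail client; the sample message, the `tracker.example` host and the helper names are constructed for illustration. It lists the elements in a message's HTML parts that would trigger a network request when rendered, and returns a text/plain-only view of the same message.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; tracker.example is a placeholder host.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Quarterly numbers attached.
--b1
Content-Type: text/html; charset="utf-8"

<p style="background:url(http://tracker.example/a.png)">Quarterly numbers attached.</p>
<img src="http://tracker.example/pixel.png"><a href="http://example.org/">link</a>
--b1--
"""

# Tags and attributes that make a client fetch a URL as soon as the HTML is rendered.
FETCH_TAGS = {"img", "link", "iframe", "script", "video", "audio", "embed", "object", "body"}
FETCH_ATTRS = {"src", "href", "background", "data", "poster"}

class ActiveContentFinder(HTMLParser):
    """Collects (tag, attribute, value) triples that load remote content."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            v = (value or "").strip().lower()
            if name == "style" and "url(" in v:
                self.hits.append((tag, name, value))
            elif tag in FETCH_TAGS and name in FETCH_ATTRS and v.startswith(("http:", "https:", "//")):
                self.hits.append((tag, name, value))

def audit_message(raw):
    """Return (active-content hits in HTML parts, text/plain-only view of the message)."""
    msg = message_from_string(raw, policy=policy.default)
    hits, text = [], []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            hits.extend(finder.hits)
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    return hits, "\n".join(text)
```

The check covers element attributes only; it does not inspect `<style>` blocks or CSS imports, which is one reason a client that renders no HTML at all is the simpler control.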
Critics have also been quick to cast doubt on the severity of the EFail vulnerability, noting that the hack isn't easy to pull off. Previously encrypted emails may now become available for decryption without having the proper credentials to do so.
The encrypted email is modified and sent to the target.