|
EFAIL
Efail, also written EFAIL, is a security hole in email systems with which content can be transmitted in encrypted form. This gap allows attackers to access the decrypted content of an email if it contains active content like HTML or JavaScript, or if loading of external content has been enabled in the client. Affected email clients include Gmail, Apple Mail, and Microsoft Outlook. Two related Common Vulnerabilities and Exposures IDs, , have been issued. The security gap was made public on 13 May 2018 by Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky and Jörg Schwenk as part of a contribution to the 27th USENIX Security Symposium, Baltimore, August 2018. As a result of the vulnerability, the content of an attacked encrypted email can be transmitted to the attacker in plain text by a vulnerable email client. The used encryption keys are not disclosed. Description The security gap concerns many common ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly . It was originally developed by RSA Data Security and the original specification used the IETF MIME specification with the de facto industry standard PKCS#7 secure message format. Change control to S/MIME has since been vested in the IETF and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature. Function S/MIME provides the following cryptographic security services for electronic messaging applications: * Authentication * Message integrity * Non-repudiation of origin (using digital signatures) * Privacy ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenPGP
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991. PGP and similar software follow the OpenPGP, an open standard of PGP encryption software, standard (RFC 4880) for encrypting and decrypting data. Design PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a username or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system, which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Efail Logo
Efail, also written EFAIL, is a security hole in email systems with which content can be transmitted in encrypted form. This gap allows attackers to access the decrypted content of an email if it contains active content like HTML or JavaScript, or if loading of external content has been enabled in the client. Affected email clients include Gmail, Apple Mail, and Microsoft Outlook. Two related Common Vulnerabilities and Exposures IDs, , have been issued. The security gap was made public on 13 May 2018 by Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky and Jörg Schwenk as part of a contribution to the 27th USENIX Security Symposium, Baltimore, August 2018. As a result of the vulnerability, the content of an attacked encrypted email can be transmitted to the attacker in plain text by a vulnerable email client. The used encryption keys are not disclosed. Description The security gap concerns many common ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
HTML Email
HTML email is the use of a subset of HTML to provide formatting and semantic markup capabilities in email that are not available with plain text: Text can be linked without displaying a URL, or breaking long URLs into multiple pieces. Text is wrapped to fit the width of the viewing window, rather than uniformly breaking each line at 78 characters (defined in RFC 5322, which was necessary on older text terminals). It allows in-line inclusion of images, tables, as well as diagrams or mathematical formulae as images, which are otherwise difficult to convey (typically using ASCII art). Adoption Most graphical email clients support HTML email, and many default to it. Many of these clients include both a GUI editor for composing HTML emails and a rendering engine for displaying received HTML emails. Since its conception, a number of people have vocally opposed all HTML email (and even MIME itself), for a variety of reasons. For instance, the ASCII Ribbon Campaign advocated tha ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Heise Security
Heise (officially ''Heise Gruppe'') is a German media conglomerate headquartered in Hanover. It was founded in 1949 by Heinz Heise and is still family-owned. Its core business is directory media as well as general-interest and specialist media from the fields of computer technology, information technology and network culture. Another focus of its business activities is portals for price and product comparisons. History In 1949, founded the publishing house named after him in Hanover-Badenstedt. The company's first product was an address book for the town of Bünde, later joined by the telephone directory for Einbeck. Gradually, other cities and regions were added to the product range. In addition, Heise expanded the program to include non-fiction topics, such as manuals on law. By 1960, sales had risen to over one million marks. In 1972, Heinz Heise handed over the management of the company to his son . Under his leadership, a magazine for electronics and technology topics, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Heise Online
Heise (officially ''Heise Gruppe'', formerly ''Verlag Heinz Heise'') is a German media conglomerate headquartered in Hanover, Lower Saxony. It was founded in 1949 by and is still family-owned. Its core business is directory media as well as general-interest and specialist media from the fields of computer technology, information technology, and internet culture. Another focus of its business activities is portals for price and product comparisons. History In 1949, Heinz Heise founded the publishing house named after him in Hanover-Badenstedt. The company's first product was an address book for the town of Bünde, later joined by the telephone directory for Einbeck. Gradually, other cities and regions were added to the product range. In addition, Heise expanded the program to include non-fiction topics, such as manuals on law. By 1960, sales had risen to over one million marks. In 1972, Heinz Heise handed over the management of the company to his son Christian. Under his leade ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Danny O'Brien (journalist)
Danny O'Brien (born 1969) is a British technology journalist and civil liberties activist. He is the International Director of the Electronic Frontier Foundation. Career He wrote weekly columns for ''The Sunday Times'' and ''The Irish Times''; and before that for ''The Guardian'', and acted as a consultant in helping ''The Guardian'' formulate its online strategy. He worked for the UK edition of ''Wired'', as well as for Channel 4 and the British ISP Virgin.net. Together with Dave Green, he founded and wrote the now-defunct email newsletter ''Need to Know'' and with whom he also co-wrote and -presented the television show '' 404 Not Found''. In May 2005, he succeeded Ren Bucholz as Activist Coordinator for the Electronic Frontier Foundation, and then became EFF's International Outreach Coordinator. In April 2010, he moved to a new position as Internet Advocacy Coordinator for the Committee to Protect Journalists. In February 2013, he became the Director of the International ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Electronic Frontier Foundation
The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet civil liberties. The EFF provides funds for legal defense in court, presents '' amicus curiae'' briefs, defends individuals and new technologies from what it considers abusive legal threats, works to expose government malfeasance, provides guidance to the government and courts, organizes political action and mass mailings, supports some new technologies which it believes preserve personal freedoms and online civil liberties, maintains a database and web sites of related news and information, monitors and challenges potential legislation that it believes would infringe on personal liberties and fair use and solicits a list of what it considers abusive patents with intentions to defeat those that it considers without merit. History Fou ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
HTML Tag
The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript. Web browsers receive HTML documents from a web server or from local storage and render the documents into multimedia web pages. HTML describes the structure of a web page semantically and originally included cues for the appearance of the document. HTML elements are the building blocks of HTML pages. With HTML constructs, images and other objects such as interactive forms may be embedded into the rendered page. HTML provides a means to create structured documents by denoting structural semantics for text such as headings, paragraphs, lists, links, quotes, and other items. HTML elements are delineated by ''tags'', written using angle brackets. Tags such as and directly introduce content into the page. Other tags such as surround a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Gadget (machine Instruction Sequence)
Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing. In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences that are already present in the machine's memory, called "gadgets". Each gadget typically ends in a return instruction and is located in a subroutine within the existing program and/or shared library code. Chained together, these gadgets allow an attacker to perform arbitrary operations on a machine employing defenses that thwart simpler attacks. Background Return-oriented programming is an advanced version of a stack smashing attack. Generally, these types of attacks arise when an adversary manipulates the call stack by taking advantage of a bug in the program, often a buffer overrun. In a buffer overrun, a function t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ciphertext
In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it. This process prevents the loss of sensitive information via hacking. Decryption, the inverse of encryption, is the process of turning ciphertext into readable plaintext. Ciphertext is not to be confused with codetext because the latter is a result of a code, not a cipher. Conceptual underpinnings Let m\! be the plaintext message that Alice wants to secretly transmit to Bob and let E_k\! be the encryption cipher, where _k\! is a cryptographic key. Alice must first transform the plaintext into ciphertext, c\!, in order to securely send the message to Bob, as follows: : c = E_k(m). \! In a symmetric-key system, Bob knows Alice's encryption key. Once the m ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cipher Feedback Mode
In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authentication, authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a Block (data storage), block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block. Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV has to be non-repeating and, for some modes, random as well. The initialization vector is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same Key (cryptography), key. Block ciphers may be capable of operating on more than one Block size (cryptography), block size, but ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
