Hello, welcome to the Tuesday, May 15th, 2018 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. Monday morning, one issue made big waves, e-fail, a vulnerability in how many

email clients implement PGP and SMIME.

Now, EFail is really two distinct vulnerabilities.

The first one is a problem in how many email clients do implement SMIM and PGP,

and yes, this first problem does affect both encryption methods.

That all starts out with MIME. With MIME, we can have multiple parts in our email,

some of them may be encrypted, and your email client may be configured to automatically

decrypt encrypted parts. Secondly, an attacker would have a copy of the encrypted email.

Remember, that's why we encrypt them,

because the attacker can actually gain access to copies of our emails in transit.

Now, what the attacker is doing next is to create a three-part MIM message.

The first part is HTML and it's the start of an image tag.

The second part is the encrypted email.

The third part closes out the image tag.

So the idea here is that the user opens the email, the content is automatically

decrypted, but because the content is part of the image tag, it's then being sent to the

attacker's web server from which the client attempts to download the image.

So again, this first vulnerability, not a problem with either PGP and S-MIME,

really just a problem with sloppy parsing of MIME and HTML emails, and you should never really

download images from remote servers. Many email clients do protect you from that and don't do that

automatically so that would be the first thing to check. Secondly, you probably

...