惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
腾讯CDC
V
V2EX
Martin Fowler
Martin Fowler
A
About on SuperTechFans
大猫的无限游戏
大猫的无限游戏
Blog — PlanetScale
Blog — PlanetScale
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Check Point Blog
博客园 - 【当耐特】
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
K
Kaspersky official blog
Security Latest
Security Latest
H
Help Net Security
博客园_首页
美团技术团队
Spread Privacy
Spread Privacy
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
G
Google Developers Blog
NISL@THU
NISL@THU
爱范儿
爱范儿
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
N
News and Events Feed by Topic
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security @ Cisco Blogs
Schneier on Security
Schneier on Security
雷峰网
雷峰网
人人都是产品经理
人人都是产品经理
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
I
InfoQ
The Cloudflare Blog
F
Full Disclosure
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium

Posteo.de - Newsroom

Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de
Email green, secure, simple and ad-free - posteo.de
2018-05-15 · via Posteo.de - Newsroom

Update: Information about "Efail" reports

Created at 14.May 2018, 18:40 | Category: Blog

Update on May 15, 15:30:

We have an update for all users of Mailvelope:
The open source encryption plug-in Mailvelope is not affected by the critical Efail vulnerabilities and can continue to be used. Mailvelope communicated this information earlier this afternoon. With Mailvelope, PGP can be used in Posteo’s webmailer. We are in contact with the Mailvelope developer, Thomas Oberndörfer.
Nevertheless, he announced that they will improve the plug-in’s handling of HTML emails in regards to privacy for example by making the loading of external content such as images optional.
He recommends that users update to today’s release (Version 2.2.2) as minor problems have been fixed.

May 14, 18:40:

Dear Posteo users,

Today, the media has reported vulnerabilities within the end-to-end encryption standards, PGP and S/MIME.

We only became aware of the investigation today. Because of this, we cannot make any final assessments about the publication yet. We’re currently examining the document for you and are getting assessments from security experts. Furthermore, we have made contact with developers from current encryption software.

We’d like to respond to some questions we’ve received and also provide some initial tips for users of PGP and S/MIME. We will update this blog entry with any news.

Summary:
1.) If you do not use end-to-end encryption with PGP or S/MIME then you are not affected by this issue.
2.) If you use PGP or S/MIME, disable HTML rendering and external content from being loaded. (We’ve provided instructions on how to do this at the end of this blog entry)
3.) All participants of an encrypted communication must take the measures described in point 2.) of this summary.

Is email encryption unsafe now?

No, as a generalisation this is not correct as there is no “singular” form of email encryption. In general, emails nowadays are simultaneously secured through various security and encryption technologies. For example, end-to-end encryption does not protect the entire email communication even if many people believe it does. It only protects the content data.
The email’s metadata and subject are protected by the providers’ transport route encryption.

In reality, the security of an email correspondence depends on the combination of various technologies. When one encryption technology is viewed separately, it doesn’t say much about the actual security of a specific email communication in practice.

Attacks are only possible under strict conditions

The creators of this investigation presume in their scenario that an attacker already has access to an encrypted communication. However, nowadays email providers utilise security technologies that effectively prevent man-in-the-middle attacks and unauthorised access to encrypted communication.

The German Federal Office for Information Security (BSI) also describes the conditions for an attack (German text):
“An attacker has to have access to the transport route, the mail server or the email account of the recipient to exploit the vulnerabilities.”

The fact is that providers today are constantly improving secure transport routes, mail servers and accounts. We always utilise state of the art technology. Users should also secure their end devices as well.
Here’s an example of how we secure transport routes. In 2014, we were the first provider to implement the innovative technology DANE that eliminates the current vulnerabilities in transport route encryption (TLS). A combination of end-to-end encryption with a DANE-based transport route encryption results in a very high level of protection.
Tip: In Posteo’s webmailer you are notified before sending an encrypted email whether it will be protected with DANE or not .

We protect email servers with numerous technologies and an infrastructure that particularly protects our internal network and customers’ mailboxes consistently from external access. You can protect your account with a strong password. We encrypt every access to your account with the latest technologies. You can achieve an even higher level of protection if you activate two-factor authentication with additional email account protection. By activating the TLS-sending guarantee, you prevent your emails from being transferred to another email server without transport route encryption.

The German Federal Office for Information Security (BSI) describes another condition for an attack:
“Additionally the recipient would have to allow active content, or in other words, the rendering of HTML code and in particular the loading of external content.”

Because of this, users of end-to-end encryption should immediately review and adjust their settings for loading HTML code and external content accordingly. This should avert any acute dangers.

Guide for disabling external content from being loaded or HTML rendering

Thunderbird:
Disable HTML rendering:
1. Click on the sandwich-button in the top right corner of Thunderbird.
2. Click on “View”.
3. Under “Message Body As” select the menu item “Plain Text”.
Disable external content:
1. Click on the sandwich-button in the top right corner of Thunder and open “Options” / “Preferences”.
2. Open the menu item “Privacy”.
3. Under the category “Mail Content”, remove the tickmark “Allow remote content in messages”.

Apple Mail:
1. From the menu bar click on “Mail” and open “Preferences”.
2. Open the menu item “Viewing”.
3. Remove the tickmark from “Load remote content in messages”.

iOS:
1. Open “Settings”.
2. Touch “Mail”.
3. In the category “Messages”, deactivate the switch next to “Load Remote Images”.

Outlook:
1. Click on “File” and on the side menu on “Options”.
2. Open the menu item “Trust Center” and click on “Trust Center Settings”.
3. Click on “Email Security”.
4. In the section “Read as Plain Text” place a tickmark next to “Read all standard mail in plain text” and also by “Read all digitally signed mail in plain text”.
5. Confirm the changes with a click on “Ok”.

Best Regards,
The Posteo Team