[Gpg4win-commits] [git] Gpg4win - branch, website, updated. gpg4win-2.1.0-381-g1468f01

by Andre Heinecke cvs at cvs.gnupg.org
Thu May 17 16:11:22 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG for Windows".

The branch, website has been updated
       via  1468f0138c8f1281d54ca146019f988b19d808c0 (commit)
      from  a66990b4bc49868821a3712134253089a336a2b4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1468f0138c8f1281d54ca146019f988b19d808c0
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu May 17 16:02:13 2018 +0200

    web: Add statement about efail
    
    This is based on efail-gpg4win-statement-20180517ber8.txt
    as posted on gpg4win-devel at wald.intevation.org.

diff --git a/web/header.m4 b/web/header.m4
index 31ccea1..f0c2a1a 100644
--- a/web/header.m4
+++ b/web/header.m4
@@ -40,22 +40,21 @@
 -->
    <div class="h_text_beta">
    <p><span class="heading">News</span></p>
-   <small>2018-05-03</small><br>
+   <small>2018-05-16</small><br>
    <span class="serif_word"><img src="img/bulletin.png" alt"" />
      m4_ifelse(LANG_DE, `1', `
-      <a href="http://lists.wald.intevation.org/pipermail/gpg4win-announce-de/2018-May/000042.html">Gpg4win 3.1.1 veröffentlicht
+      <a href="statement-efail.html">Stellungnahme zu Efail (en)
       </a></span>',`
-      <a href="http://lists.wald.intevation.org/pipermail/gpg4win-announce/2018-May/000078.html">
-        Gpg4win 3.1.1 released
+      <a href="statement-efail.html">Statement on Efail
       </a></span>')
    <p></p>
-   <small>2018-04-13</small><br>
+   <small>2018-05-03</small><br>
    <span class="serif_word"><img src="img/bulletin.png" alt"" />
      m4_ifelse(LANG_DE, `1', `
-      <a href="http://lists.wald.intevation.org/pipermail/gpg4win-announce-de/2018-April/000041.html">Gpg4win 3.1.0 veröffentlicht
+      <a href="http://lists.wald.intevation.org/pipermail/gpg4win-announce-de/2018-May/000042.html">Gpg4win 3.1.1 veröffentlicht
       </a></span>',`
-      <a href="http://lists.wald.intevation.org/pipermail/gpg4win-announce/2018-April/000077.html">
-        Gpg4win 3.1.0 released
+      <a href="http://lists.wald.intevation.org/pipermail/gpg4win-announce/2018-May/000078.html">
+        Gpg4win 3.1.1 released
       </a></span>')
    <p></p>
    <div class="limiter"></div>
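Review bot: the new German news item links to the English statement (`statement-efail.html`, labelled "(en)"), and its date (`2018-05-16`) does not match the `(2018-05-17)` shown in the intro of `statement-efail.htm4` added in the same commit; use one date in both places. While these lines are being touched, the two unchanged context lines `<img src="img/bulletin.png" alt"" />` carry a pre-existing typo: `alt""` is missing the `=`, so the alt attribute is never set.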
diff --git a/web/newsarchive-de.htm4 b/web/newsarchive-de.htm4
index 075a89e..74dd2ad 100644
--- a/web/newsarchive-de.htm4
+++ b/web/newsarchive-de.htm4
@@ -19,6 +19,9 @@ Aktuelle Meldungen gibt es auf der <a href="index-de.html">Startseite</a>.
 <h2>2018</h2>
 <ul>
     <li><a
+     href="http://lists.wald.intevation.org/pipermail/gpg4win-announce-de/2018-April/000041.html">
+     2018-04-13: Gpg4win 3.1.0 veröffentlicht</a></li>
+    <li><a
      href="version3.1-de.html">
      2018-03-08: Gpg4win 3.1.0 beta veröffentlicht</a></li>
     <li><a
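Review bot: nothing blocking; the added 3.1.0 entry matches the item dropped from `header.m4` in this commit. The archive link uses plain `http://` like the existing entries, which keeps the list consistent, but the mailing-list links could be moved to https in a follow-up if the list server serves them that way.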
diff --git a/web/newsarchive.htm4 b/web/newsarchive.htm4
index 06b1b42..cd93eff 100644
--- a/web/newsarchive.htm4
+++ b/web/newsarchive.htm4
@@ -20,6 +20,9 @@ The latest news are placed at the <a href="./">welcome page</a>.
 <h2>2018</h2>
 <ul>
     <li><a
+     href="http://lists.wald.intevation.org/pipermail/gpg4win-announce/2018-April/000077.html">
+     2018-04-13: Gpg4win 3.1.0 released</a></li>
+    <li><a
      href="version3.1.html">
      2018-03-08: Gpg4win 3.1.0 beta released</a></li>
     <li><a
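Review bot: mirrors the German archive change and is consistent with `header.m4`. The unchanged context line "The latest news are placed at the welcome page" should read "is placed" ("news" is singular here); that is outside this change but worth a follow-up.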
diff --git a/web/statement-efail.htm4 b/web/statement-efail.htm4
new file mode 100644
index 0000000..bc44218
--- /dev/null
+++ b/web/statement-efail.htm4
@@ -0,0 +1,176 @@
+m4_dnl                                                            -*-html-*-
+m4_include(`template.m4')
+m4_dnl $Id$
+
+m4_define(`EN')
+m4_define(`DE_FILE', `statement-efail.html')
+
+m4_define(`TITLE', `statement on Efail research')
+m4_define(`MAIN', `statement-efail')
+
+PAGE_START
+
+<div id="intro">
+<h1>Statement on Efail research</h1>
+<br/>(2018-05-17)
+</div>
+
+<div id="main">
+
+<h2>Summary</h2>
+<p>On the 14th of May 2018, a group of researchers published
+a number of problems in mail applications on <a href="https://efail.de/">efail.de</a>.
+Most mail clients supporting
+S/MIME are affected as well as a few clients supporting OpenPGP.</p>
+<p>They have tested OpenPGP support with GpgOL (our Outlook-Addin)
+and it behaved well for supported versions of Outlook.</p>
+<p>The bottom line is, that you can keep using Gpg4win while:</p>
+<ul><li>You pay extra attention to the ability of your S/MIME recipients to handle
+  crypto emails well, until the majority of other email clients has been
+  updated.
+</li><li>You never load external references in encrypted HTML emails, especially
+  for S/MIME. Make sure that the default is still <em>off</em>.
+</li></ul>
+<p>The Gpg4win Initiative plans to release another minor
+version soon that takes further precautions, removes Outlook 2007 support,
+and improves some edge cases for its S/MIME support.</p>
+<h2>Details</h2>
+<p>On the 14th of May 2018, a group of academic researchers from Germany
+and Belgium published a paper called
+<a href="https://efail.de/efail-attack-paper.pdf">Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.0)</a> on their website.
+They show of number of problems with how email encryption is currently
+implemented. A few mail clients supporting OpenPGP and most clients
+supporting S/MIME are affected.</p>
+
+
+<h3>"Direct exfiltration" in other clients</h3>
+<p>Two major email clients, Apple Mail and Thunderbird/Eigmail, have been found
+to be vulnerable to an attack called "direct exfiltration".
+<strong>Gpg4win's Outlook-Plugin</strong> and for example the
+Free Software ("Open Source") mailers Claws, Evolution, KMail, K9-Mail,
+Mailvelope, Mailpile and Mutt were <strong>found to be immune.</strong></p>
+<p>The attack is made possible if the email client concatenates
+different mail parts and interprets them together as HTML with external
+references. This can be used by an attacker: A manipulated encrypted email
+tricks the email client into sending decrypted plaintext
+to a webserver of choice, when fetching the references.</p>
+<p>As this attack works on the sender and all recipients of an encrypted email,
+all the used email clients have to be safe for your communication to be safe.</p>
+<p><strong>Advise: Make sure to only send encrypted emails to people that
+are using clients in a safe way. Put special attention to the vulnerable
+clients listed in the bottom of efail.de until fixed versions are widely
+available.</strong>
+Check updates from a computer emergency response team that feels
+responsible for you, e.g.
+<a href="https://cert-bund.de/advisoryshort/CB-K18-0673">CB-K18-0673 (Germany)</a>
+and their <a href="https://www.bsi.bund.de/EN/Service/Information/article/efail_vulnerabilities_14052018.html">"Efail" vulnerabilities - What you should know now</a>
+or <a href="https://www.kb.cert.org/vuls/id/122919">VU#122919 (USA)</a>.</p>
+<p>Note:</p>
+<ul><li>Each communication partner already had the responsibility
+  to keep contents coming from you confidential on an organisational and
+  technical level. Right now some may just not be informed about the version
+  of their product being vulnerable to this specific attack.
+</li></ul>
+
+<h3>"crypto gadget" attack</h3>
+<p>If an email is only encrypted and not signed, an attacker can
+reorder, delete or insert data, which will be partly decrypted.
+The current OpenPGP protocol as it is widely used for about 15 years
+includes protection against this manipulation.
+Current S/MIME specifications also allow for protection, but this has not
+been deployed in practice.
+The manipulation can cause an insecure mail client to
+leak decrypted data to a remote attacker through a backchannel like an
+external reference. The attack does not work, if there is no usable
+backchannel.</p>
+
+<h4>OpenPGP</h4>
+<p>The GnuPG crypto-backend in Gpg4win detects such manipulations
+and issues an error to mail clients, unless the sender or receiver
+deliberately uses weak settings.
+Most mail clients using Gpg4win respect the errors issued by GnuPG.
+Especially Ggp4win's Outlook Add-in "GpgOL" will not display
+any data in this case which makes it
+<strong>immune against the OpenPGP crypto gadget attack.</strong></p>
+<p>The combination of GpgOL and Outlook 2010 or newer
+in addition does not load external links by default.
+Automatically loading links in mails is a privacy problem in
+itself and has long been discouraged for security reasons.
+Only some mail clients load external URLs by default.</p>
+<p>An exception to this is GpgOL for Outlook 2007. Since
+Version 3.0 Gpg4win already shows a warning that this part of GpgOL
+is unmaintained. Users should stop using Outlook 2007 as it does not receive
+updates from its vendor anymore. Support for this version
+will be removed in the next Gpg4win revision.</p>
+
+<h4>S/MIME</h4>
+<p>Deployed standard S/MIME implementations do not have a way to detect the
+mentioned manipulations when using unsigned mails.
+This is described in the current S/MIME standard (RFC5751).</p>
+<p>The problem arises if clients still show contents in case of a missing or
+bad signature for an encrypted mail and they are loading external references
+to open a backchannel.</p>
+<p>Note that there is an S/MIME mode to GpgOL, which is disabled by default
+and has not been tested by the researchers. They tested the S/MIME
+mode of KMail which is also using GnuPG as an S/MIME backend
+and only found that a user can manually trigger a backchannel.</p>
+<p>As a precaution against any S/MIME message modification attacks
+in Outlook the Gpg4win team <strong>recommends to not load external
+references, e.g. images, in mails and refrain from using HTML-mails.</strong></p>
+<p>Automatic download of images could have been enabled in Outlooks options
+under: "Trust Center->Automatic Download"
+The automatic download is disabled by default, thus
+<strong>GpgOL is immune against the S/MIME crypto gadget attack</strong>.</p>
+<p>A rarely used feature of Gpg4win is to apply S/MIME crypto operations
+to files. When executing files users should always <strong>ensure
+that it comes from a trustworthy source</strong> by checking a signature.</p>
+<p>Note: When receiving an email or file without a cryptographic signature you
+  already had to be careful that the contents could have been manipulated and
+  thus you should not use unsigned active contents, like executables,
+  office macros and other scripts.</p>
+
+<h2>Media coverage of the larger picture</h2>
+<p>While the researchers have chosen an imported topic to work on and their
+tests demonstrated important weaknesses in implementations
+and the need to update related standards, there is some concern in the
+Gpg4win team about how the findings got reported in some media.</p>
+<p>The broken email clients allowing "direct extraction" are worrisome
+and may need broad media coverage to use reach their users, it would
+have been better to wait with reporting until better fixes and instructions
+were available. It is a classic situation that is happening several times
+during the year that some implementations are found to be defect and updates
+are needed. It happens to many applications and does not indicate
+a more general problem.</p>
+<p>The problem with S/MIME implementations missing integrity protection
+is serious and we hope that vendors will quickly agree on implementing
+RFC6476 or something similar. This seems to be the most interesting
+finding, as it cannot be resolved quickly and it reminds everybody
+to be careful with contents that can become active as a backchannel
+or exploit code.</p>
+<p>The situation with OpenPGP is different:
+When used sensibly, the current OpenPGP specification, its implementations,
+and GnuPG itself continue to provide very reasonable protection.
+The integrity detection MDC is
+used for more than 15 years and GnuPG itself issues a clear indication
+for a manipulated email and even a hard failure since 2015.</p>
+<p>On a general note: OpenPGP and S/MIME are protocols which are
+openly documented with several implementations and variants.
+OpenPGP is additionally designed to have a de-centralised structure.
+They need to consider backwards compatibility more than a single vendor,
+but they are also less vulnerable against a serious implementation
+defect in one product.</p>
+<p>When considering other solutions for communicating in private our
+recommendation would be to also check if it is Free Software ("Open Source"),
+openly documented, de-centralised and has an understandable business model
+where users are the customers.</p>
+<p>Security is a complicated matter and thus profits from calm reporting.
+A pressure to simplify and report quickly on the research findings may
+have caused more confusion than necessary. It is for us as readers to
+honor a thorough style of journalism that may need more time to shine.</p>
+<p>2018-05-16
+Bernhard Reiter,
+Andre Heinecke,
+Werner Koch</p>
+<p>CC-BY-SA 4.0</p>
+
+</div>
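Review bot: the page carries two dates: the intro says `(2018-05-17)` while the signature block says `2018-05-16` (and the header news item also uses 2018-05-16); pick one. `DE_FILE` is defined as `statement-efail.html`, i.e. the page points its German link at itself, which matches the "(en)" label in the header but deserves a comment so it is not mistaken for a missing translation. `TITLE` is lowercase ("statement on Efail research") while the `<h1>` is capitalised. Several typos in the body would be good to fix before publishing: "Thunderbird/Eigmail" should be "Enigmail"; "They show of number of problems" should be "a number of"; "Advise:" should be "Advice:"; "Ggp4win's Outlook Add-in" should be "Gpg4win's"; "in the bottom of efail.de" should be "at the bottom of"; "Outlooks options" should be "Outlook's options", and that sentence needs a full stop before "The automatic download is disabled by default"; "an imported topic" should be "an important topic"; "to use reach their users" should be "to reach their users"; "direct extraction" should be "direct exfiltration", the term used in the section heading; and "found to be defect" should be "defective".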

-----------------------------------------------------------------------

Summary of changes:
 web/header.m4            |  15 ++--
 web/newsarchive-de.htm4  |   3 +
 web/newsarchive.htm4     |   3 +
 web/statement-efail.htm4 | 176 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 189 insertions(+), 8 deletions(-)
 create mode 100644 web/statement-efail.htm4


hooks/post-receive
-- 
GnuPG for Windows
http://git.gnupg.org


