https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questio... https://efail.de/efail-attack-paper.pdf
Nasty year for security 2018 is turning out to be.
Newly announced flaw in PGP/GPG when used for email that lets remote hackers get copies of your encrypted emails (whether sender or recipient). Many (most?) email clients (MUAs) are not patched yet (but the Linux ones should be shortly).
The encryption itself isn't broken, it's the way email clients and their html parsers work that is being abused. For the hack to work you have to use a vulnerable email client that has builtin html support (most do, but mine doesn't, yay!) and the attacker has to intercept an encrypted email for/from you and then send it to you wrapped in some naughty html. Your email client then decrypts the email and the naughty html promptly sends a copy to the attacker via backchannels (getvars or similar in img tags hitting hacker servers).
To be clear, they can only use this hack to read emails they've already intercepted and tricked you into opening in your HTML MUA.
If you use GPG from the command line you're basically safe. It's still good encryption (with a caveat about integrity checks that won't affect most use cases). GPG used for package signing, etc, is still safe. GPG used for local file encryption is safe.
To be safe for email, update your MUA when it patches this, and ensure all your contacts you PGP/GPG with do the same. Unlike Spectre et al, this one is fairly easy to fix assuming most people do it in a reasonable amount of time (ya, I know).
Strangely, EFF recommends people phase out PGP/GPG email and have no real recommended drop-in replacement. I find this odd, as to me *some* emails being hackable certainly beats *all* emails being hackable (i.e. plaintext) which is basically what they are advocating.
Oh ya, this all could have been avoided if people stopped using HTML in emails and HTML-capable MUAs. <GRIN>
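
An added example, not part of the original post: a Python triage check for the combination described above, PGP ciphertext arriving in the same message as HTML that fetches remote content when opened. The function names, the `collector.example` host and the sample messages are constructed for illustration.

```python
import email
from html.parser import HTMLParser

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
AUTO_FETCH = {"src", "background", "poster"}  # attributes fetched on render
REMOTE = ("http:", "https:", "//")


class RemoteRefs(HTMLParser):
    """Collect URLs an HTML renderer would request just by opening the mail."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            fetched = name in AUTO_FETCH or (tag == "link" and name == "href")
            if fetched and value and value.strip().lower().startswith(REMOTE):
                self.urls.append(value.strip())


def audit(raw):
    """Return (has_pgp, remote_urls, risky) for one raw RFC 5322 message."""
    has_pgp, finder = False, RemoteRefs()
    for part in email.message_from_string(raw).walk():
        body = part.get_payload(decode=True) or b""  # None for containers
        ctype = part.get_content_type()
        if ctype == "application/pgp-encrypted" or PGP_ARMOR in body:
            has_pgp = True
        if ctype == "text/html":
            finder.feed(body.decode("utf-8", "replace"))
    # Ciphertext plus auto-loading HTML in one message is what to hold back.
    return has_pgp, finder.urls, has_pgp and bool(finder.urls)


def build(parts):
    """Assemble a constructed multipart/mixed message from (ctype, body) pairs."""
    out = ["Subject: constructed sample", "MIME-Version: 1.0",
           'Content-Type: multipart/mixed; boundary="XBOUNDX"', ""]
    for ctype, body in parts:
        out += ["--XBOUNDX", "Content-Type: " + ctype, "", body]
    return "\n".join(out + ["--XBOUNDX--", ""])


# Constructed samples: the armor block is a placeholder, not real ciphertext.
ARMOR = "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----"
MIXED = build([("text/html", '<p>hi</p><img src="http://collector.example/p.gif">'),
               ("application/octet-stream", ARMOR)])
PGP_ONLY = build([("text/plain", ARMOR)])
```
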
> Oh ya, this all could have been avoided if people stopped using HTML in
> emails and HTML-capable MUAs. <GRIN>
Oh come now (grin or no grin)! That would take us back to the textual-content-only era that was already ending by about 1995. Non-textual content and good looks in e-mail do matter in 2018!
Hartmut W Sager - Tel +1-204-339-8331, +1-204-515-1701, +1-204-515-1700, +1-810-471-4600
On Mon, 14 May 2018 at 23:24, Trevor Cordes trevor@tecnopolis.ca wrote:
On 2018-05-15 Hartmut W Sager wrote:
> > Oh ya, this all could have been avoided if people stopped using HTML in
> > emails and HTML-capable MUAs. <GRIN>
> Oh come now (grin or no grin)! That would take us back to the textual-content-only era that was already ending by about 1995. Non-textual content and good looks in e-mail do matter in 2018!
Inline HTML containing the nub of the email? Matters for marketing/commerce (and spam)... not for normal person to person communication. MUUG [RndTbl] seems to do quite fine without it! :-)
I'll grant you attached pics are handy, but making the actual email content HTML is hurl-inducing. Not to mention 99% of the punters out there *still* don't format their email correctly even with all the HTML WYSIWYG gadgets. In fact, it usually makes them worse (ever see one trying to inline reply point-by-point and getting it completely wrong? and they probably spent an hour doing so). Ugh. (Oh ya, and email marketers are tracking the heck out of your HTML email MUA...)
</old guy grumbling... dern kidz these dayz>
How do I tell if/how a pair of drives were configured for RAID?
This is a customer's computer, used for a small business. A drive is failing. When I opened it, I found 2 identical drives. The customer didn't know she had 2 drives. In BIOS, the drives are configured for RAID. However, this computer uses Intel Matrix Storage Manager. Not sure of the version, not sure which version of Windows. This model of computer originally shipped with Windows 7.
I identified which hard drive was failing, completely disconnected it. Currently running a hard drive diagnostic on the other: it passed the short test, currently running the long test with no errors.
Before disconnecting the failing hard drive, I thought I could go into a BIOS utility to check RAID configuration, but there wasn't anything. It just started Windows. I believe I saw a Windows 10 logo before I pulled the power.
Intel software used by this HP computer is configured within Windows. I don't want to do that, I don't want to stress the failing hard drive. I think everyone on this list knows about failing drives. If this is RAID 0, then I have an easy shortcut: just replace the failing drive, and rebuild the mirror-set. So how do I determine that without starting Windows?
Thanks, Rob Dyck
Oops. Subject line should have said "RAID 1". You get the idea: RAID 0, 1, or not configured at all?
Thanks again, Rob
On 2018-05-26 Robert Dyck wrote:
> didn't know she had 2 drives. In BIOS, the drives are configured for RAID. However, this computer uses Intel Matrix Storage Manager. Not
If BIOS set to RAID (Intel Matrix) then you definitely can get in to the RAID BIOS after the main BIOS does its thing, usually with ^I. Just try tapping ^I a ton when any BIOS starts showing on the screen. You can also try to set the BIOS-display delays longer in the main BIOS.
Also, check boot order and see if Intel RAID is set as the 1st boot option. If it is then for sure you have yourself an Intel RAID 1 there.
> I don't want to do that, I don't want to stress the failing hard drive. I think everyone on this list knows about failing drives. If
If you have no reason to suspect the working drive, and it passes diags then I wouldn't worry too much, just put a replacement drive in and let it rebuild. If you're really concerned, do a dd image of the drive using a linux boot CD or stick, preferably on a test bench system without Matrix RAID (or with it off). But that is more complicated than just letting Matrix do its thing.
> failing drive, and rebuild the mirror-set. So how do I determine that without starting Windows?
Booting with linux CD/stick will also show you if it's Matrix as it'll build a dm-raid for it probably. In fact, if you want to image the drive, best to stop whatever RAID linux sets up for it (mdadm --stop) before dd'ing the drive.
Again, all that is riskier IMHO than just replacing the drive, ^I'ing and telling Matrix to rebuild and just rebooting into Windows (it'll be dog slow, so be patient).
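
An added example, not part of the original post: a Python parser for `/proc/mdstat` as seen from a Linux boot CD/stick, answering "RAID 0, 1, or not configured" and listing which arrays to stop before imaging. It assumes the live system assembled the Intel Matrix set with mdadm (the tool the `mdadm --stop` step acts on); the function names and the sample text are constructed.

```python
import re

# "md126 : active (auto-read-only) raid1 sda[0] sdb[1]"
ARRAY = re.compile(
    r"^(md\w+) : (active|inactive)(?: \([\w-]+\))?(?: (raid\d+|linear))? (.+)$")
SLOTS = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")


def parse_mdstat(text):
    """Parse /proc/mdstat text into one dict per md array or container."""
    lines, arrays = text.splitlines(), []
    for i, line in enumerate(lines):
        m = ARRAY.match(line)
        if not m:
            continue
        name, state, level, rest = m.groups()
        detail = lines[i + 1] if i + 1 < len(lines) else ""
        slots = SLOTS.search(detail)
        arrays.append({
            "name": name,
            "level": level,  # None for an inactive container
            "members": [tok.split("[")[0] for tok in rest.split()],
            "container": "external:imsm" in detail,  # Intel Matrix metadata
            "degraded": bool(slots) and "_" in slots.group(3),
        })
    return arrays


def stop_order(arrays):
    """Volumes first, then their container: the order to pass to mdadm --stop."""
    return [a["name"] for a in sorted(arrays, key=lambda a: a["container"])]


# Constructed sample: one surviving member of a two-disk Intel Matrix mirror.
MDSTAT = """\
Personalities : [raid1]
md126 : active (auto-read-only) raid1 sda[0]
      488383488 blocks super external:/md127/0 [2/1] [U_]

md127 : inactive sda[0](S)
      2642 blocks super external:imsm

unused devices: <none>
"""

if __name__ == "__main__":
    for a in parse_mdstat(MDSTAT):
        print(a)
    print("stop before imaging:", stop_order(parse_mdstat(MDSTAT)))
```
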
On May 28, 2018 1:09:45 AM CDT, Trevor Cordes trevor@tecnopolis.ca wrote:
> If BIOS set to RAID (Intel Matrix) then you definitely can get in to the RAID BIOS after the main BIOS does its thing, usually with ^I. Just try tapping ^I a ton when any BIOS starts showing on the screen. You can also try to set the BIOS-display delays longer in the main BIOS.
Since I can't tell in my mail reader, I assume others can't either, so:
that's Control-I, as in FGH*I*JKL, not a lowercase "ell" or digit one or pipe/bar or... etc.
"I" for *I*ntel, obviously... ;)
-Adam