Security Alerts & News
by Tymoteusz A. Góral

#2056 Pretzel: Email encryption and provider-supplied functions are compatible (PDF)
Emails today are often encrypted, but only between mail servers—the vast majority of emails are exposed in plaintext to the mail servers that handle them. While better than no encryption, this arrangement leaves open the possibility of attacks, privacy violations, and other disclosures. Publicly, email providers have stated that default end-to-end encryption would conflict with essential functions (spam filtering, etc.), because the latter requires analyzing email text. The goal of this paper is to demonstrate that there is no conflict. We do so by designing, implementing, and evaluating Pretzel. Starting from a cryptographic protocol that enables two parties to jointly perform a classification task without revealing their inputs to each other, Pretzel refines and adapts this protocol to the email context. Our experimental evaluation of a prototype demonstrates that email can be encrypted end-to-end and providers can compute over it, at tolerable cost: clients must devote some storage and processing, and provider overhead is roughly 5 x versus the status quo.
Read more
#2064 Web cache deception attack
#2063 Dridex’s cold war: enter AtomBombing
#2062 Decrypting after a Findzip ransomware infection
#2061 Filecode ransomware attacks your Mac – how to recover for free
#2060 Google security researcher finds hole in ESET's Mac antivirus
#2059 AWS goes down, and so do millions of websites, apps, and other services
#2058 AI learns to write its own code by stealing from other programs
#2057 Ransomware for dummies: Anyone can do it
#2056 Pretzel: Email encryption and provider-supplied functions are compatible (PDF)
#2055 Google Play apps infected with malicious iFrames
#2054 Is E2EMail a new beginning or the end for Google’s End-to-End?
#2053 Expanding protection for Chrome users on macOS
#2052 Password-manager apps for Android (security analysis)
#2051 Crypt0L0cker ransomware is back with campaigns targeting Europe
#2050 Yahoo says 32m user accounts were accessed via cookie forging attack
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12