PITTSBURGH, May 16, 2018 /PRNewswire/ -- Hornetsecurity,
a German-based cloud security solutions company that recently
opened its first United States
base of operations in Pittsburgh,
vehemently disagrees with a recent study that calls into question
the security of PGP and S/MIME encryption standards widely used by
businesses for their corporate email communications.
On May 14, researchers from
Münster University of Applied Sciences
(Germany), Ruhr University Bochum
(Germany) and Leuven University
(Belgium) published a paper that
questioned the safety of common encryption standards, creating a
worldwide panic within the technology community.
The recent attacks, commonly referred to as eFail, are
technically complex and require several steps. However, as
Hornetsecurity experts point out, the vulnerabilities discovered do
not impact the security protocols themselves but use already known
weaknesses in recipients' email clients to make them decrypt an
encrypted email and deliver it to the attacker, thereby bypassing
encryption protocols.
To get access to the content of an intercepted encrypted email,
one of the attacks works by building a new email consisting of a
corrupted HTML part, followed by the encrypted content. The
recipient's email client is then tricked by the corrupted HTML part
to decrypt the encrypted message and send the decrypted message
back to the attacker.
"This kind of unsubstantiated exaggeration doesn't help the
cause of increasing the wider use of encryption and providing
better overall security," Hornetsecurity CEO Oliver Dehning said. "Individuals and
institutions that claim to want to improve IT security have done a
disservice in this case by creating hysteria in numerous misleading
articles and in other unsubstantiated headlines related to
eFail."
Emails encrypted by Hornetsecurity are protected against attacks
of this kind because Hornetsecurity does not allow the different
content types (multipart/mixed) required for an attack. In
addition, the Hornetsecurity Encryption Service does not require
any client plug-ins. Encryption and decryption are fully automated
by Hornetsecurity in the cloud – no installation, maintenance or
user interaction is required. To further improve security of its
clients who are not using Hornetsecurity Encryption Service,
Hornetsecurity has included a new filter into its Spam Filter
service that recognizes and puts into quarantine emails exploiting
eFail by scanning for suspicious HTML manipulations.
About Hornetsecurity
Hornetsecurity has been focused
on cloud computing since 2007, when the company was founded by
Oliver Dehning and Daniel Hofmann in Hannover, Germany, where it maintains its
global headquarters. Today, Hornetsecurity has grown to more than
100 employees, offering comprehensive security solutions in the
fields of email security, web security and data storage to more
than 30,000 business customers around the world. In 2017,
Hornetsecurity opened a United
States base of operations in Pittsburgh.
More information can be found at http://www.hornetsecurity.com
and www.hornetdrive.com.
View original
content:http://www.prnewswire.com/news-releases/cloud-security-experts-at-hornetsecurity-dispute-headlines-questioning-email-encryption-standards-300649824.html
SOURCE Hornetsecurity