
Glitch in Encryption Tools Gives Hackers Ability to Forge Digital Signatures

eFail flaw leaves encryption users on guard and encryption providers in ‘patch’ mode


Security researchers announced this week that a significant flaw exists among popular encryption tools that are used for encrypting correspondence and digital signatures. Any and all email encryption services that use the OpenPGP standard and rely on GnuPG to encrypt their data and create digital signatures are subject to this wide-reaching security flaw.

Break Down: How the Encryption Security Hole Leaves Users Vulnerable

After a nearly month-long investigation, researchers have publicly announced a series of security holes that have been dubbed ‘eFail.’ The eFail flaws were identified in PGP and S/MIME encryption tools and the glitches give cyber criminals the ability to uncover encrypted correspondence. The overall scope of this security flaw is hard to estimate, as most mainstream email providers – including Outlook, Apple Mail, and Thunderbird – have been impacted by the eFail glitches.

Even worse? The investigation revealed that eFail includes an input sanitization vulnerability, dubbed SigSpoof by software developer Marcus Brinkmann. This particular vulnerability allows hackers to forge digital signatures with stolen user ID data. Again, the impacts of these vulnerabilities are wide-reaching, affecting countless popular encryption applications including GnuPG, Enigmail, GPGTools, and python-gnupg. All of these providers have included patches for the vulnerability in their latest software updates.

According to experts, the vulnerabilities were made possible thanks to an OpenPGP protocol. Normally, when a message arrives at the intended recipient, decryption occurs by separating the information and verifying a valid signature. This process occurs through the strategic separation of information using a file name system.

However, the investigation led by security researchers uncovered that the file name entry port allows for up to 255 characters, meaning it doesn’t get adequately sanitized in the decryption process. This makes it easier for cyber criminals to modify and alter file names and fraudulently gain access to confidential data. Once they’re able to gain access, cyber criminals can read encrypted messages in plain text and send fake messages via the application in hopes of spoofing digital signature verifications.

Patch Mode: Providers Scramble to Patch Flaw and Avoid Disaster 

This widespread loophole can have hugely devastating impacts on affected users. Besides the obvious risks of data breach and forgery, the investigation uncovered that the flaw holds the potential to maliciously infect enormous parts of a user’s core infrastructure. In addition to email encryption, GnuPG tools are used for backups and software updates; the extent of negative consequences is difficult to estimate.

The investigation wasn’t just speculation either. Researchers demonstrated three pieces of evidence to establish just how easily encryption and signature data can be hacked and forged thanks to the loophole. So far, the best and only solution is for affected users to immediately implement the latest available software updates. Since patches have been created, updating to the latest software versions is the only concrete strategy for ensuring the loophole doesn’t continue to leave users vulnerable.

Check out this list of platform-specific update prompts:

Navigating the Digital Business Force: Vigilance and Proactivity are Critical

The bottom line is that operating as a business professional in an increasingly digital workforce means having to think about countless potential threats to data security – even in places one wouldn’t expect. It seems a new story is making headlines every week about some scary security flaw or devastating hack. But the reality is, with a proactive and level-headed approach, maintaining strong IT security standards for your organization doesn’t have to be a long and painful battle.

The first step, however, does involve accepting that there are simply some things out of your control. Hacks happen. Security holes happen. What matters most is that you and your team are prepared to respond and that you have a detailed plan for responding efficiently and effectively. It’s no secret that the worst time to think about cybersecurity planning is when you’re already in the midst of an attack. Proactivity is the key.

Being proactive involves more than reading about the latest hacks and telling your team to be on the lookout. It means getting emergency response plans on paper and providing detailed security awareness training for your team. It also may mean upping your network monitoring and management tools and delegating some IT responsibility to the professionals.

Does your team rely on some of the encryption tools mentioned in this article? Has your team updated all software with the latest patches? Do you often wonder about the vulnerabilities that are lurking in your company network? Are you overwhelmed trying to stay on top of seemingly endless cyber threats?

Stop thinking and take action. Maintaining a secure network doesn’t have to be expensive or overwhelming. Reaching out to a team of IT security veterans is the first step in taking control of your cybersecurity efforts. Today is the day to empower your business by reinforcing your security network instead of becoming the next victim of cybercrime.
