NZ Herald
  • Home
  • Latest news
  • Herald NOW
  • Video
  • New Zealand
  • Sport
  • World
  • Business
  • Entertainment
  • Podcasts
  • Quizzes
  • Opinion
  • Lifestyle
  • Travel
  • Viva
  • Weather

Subscriptions

  • Herald Premium
  • Viva Premium
  • The Listener
  • BusinessDesk

Sections

  • Latest news
  • New Zealand
    • All New Zealand
    • Crime
    • Politics
    • Education
    • Open Justice
    • Scam Update
  • Herald NOW
  • On The Up
  • World
    • All World
    • Australia
    • Asia
    • UK
    • United States
    • Middle East
    • Europe
    • Pacific
  • Business
    • All Business
    • MarketsSharesCurrencyCommoditiesStock TakesCrypto
    • Markets with Madison
    • Media Insider
    • Business analysis
    • Personal financeKiwiSaverInterest ratesTaxInvestment
    • EconomyInflationGDPOfficial cash rateEmployment
    • Small business
    • Business reportsMood of the BoardroomProject AucklandSustainable business and financeCapital markets reportAgribusiness reportInfrastructure reportDynamic business
    • Deloitte Top 200 Awards
    • CompaniesAged CareAgribusinessAirlinesBanking and financeConstructionEnergyFreight and logisticsHealthcareManufacturingMedia and MarketingRetailTelecommunicationsTourism
  • Opinion
    • All Opinion
    • Analysis
    • Editorials
    • Business analysis
    • Premium opinion
    • Letters to the editor
  • Politics
  • Sport
    • All Sport
    • OlympicsParalympics
    • RugbySuper RugbyNPCAll BlacksBlack FernsRugby sevensSchool rugby
    • CricketBlack CapsWhite Ferns
    • Racing
    • NetballSilver Ferns
    • LeagueWarriorsNRL
    • FootballWellington PhoenixAuckland FCAll WhitesFootball FernsEnglish Premier League
    • GolfNZ Open
    • MotorsportFormula 1
    • Boxing
    • UFC
    • BasketballNBABreakersTall BlacksTall Ferns
    • Tennis
    • Cycling
    • Athletics
    • SailingAmerica's CupSailGP
    • Rowing
  • Lifestyle
    • All Lifestyle
    • Viva - Food, fashion & beauty
    • Society Insider
    • Royals
    • Sex & relationships
    • Food & drinkRecipesRecipe collectionsRestaurant reviewsRestaurant bookings
    • Health & wellbeing
    • Fashion & beauty
    • Pets & animals
    • The Selection - Shop the trendsShop fashionShop beautyShop entertainmentShop giftsShop home & living
    • Milford's Investing Place
  • Entertainment
    • All Entertainment
    • TV
    • MoviesMovie reviews
    • MusicMusic reviews
    • BooksBook reviews
    • Culture
    • ReviewsBook reviewsMovie reviewsMusic reviewsRestaurant reviews
  • Travel
    • All Travel
    • News
    • New ZealandNorthlandAucklandWellingtonCanterburyOtago / QueenstownNelson-TasmanBest NZ beaches
    • International travelAustraliaPacific IslandsEuropeUKUSAAfricaAsia
    • Rail holidays
    • Cruise holidays
    • Ski holidays
    • Luxury travel
    • Adventure travel
  • Kāhu Māori news
  • Environment
    • All Environment
    • Our Green Future
  • Talanoa Pacific news
  • Property
    • All Property
    • Property Insider
    • Interest rates tracker
    • Residential property listings
    • Commercial property listings
  • Health
  • Technology
    • All Technology
    • AI
    • Social media
  • Rural
    • All Rural
    • Dairy farming
    • Sheep & beef farming
    • Horticulture
    • Animal health
    • Rural business
    • Rural life
    • Rural technology
    • Opinion
    • Audio & podcasts
  • Weather forecasts
    • All Weather forecasts
    • Kaitaia
    • Whangārei
    • Dargaville
    • Auckland
    • Thames
    • Tauranga
    • Hamilton
    • Whakatāne
    • Rotorua
    • Tokoroa
    • Te Kuiti
    • Taumaranui
    • Taupō
    • Gisborne
    • New Plymouth
    • Napier
    • Hastings
    • Dannevirke
    • Whanganui
    • Palmerston North
    • Levin
    • Paraparaumu
    • Masterton
    • Wellington
    • Motueka
    • Nelson
    • Blenheim
    • Westport
    • Reefton
    • Kaikōura
    • Greymouth
    • Hokitika
    • Christchurch
    • Ashburton
    • Timaru
    • Wānaka
    • Oamaru
    • Queenstown
    • Dunedin
    • Gore
    • Invercargill
  • Meet the journalists
  • Promotions & competitions
  • OneRoof property listings
  • Driven car news

Puzzles & Quizzes

  • Puzzles
    • All Puzzles
    • Sudoku
    • Code Cracker
    • Crosswords
    • Cryptic crossword
    • Wordsearch
  • Quizzes
    • All Quizzes
    • Morning quiz
    • Afternoon quiz
    • Sports quiz

Regions

  • Northland
    • All Northland
    • Far North
    • Kaitaia
    • Kerikeri
    • Kaikohe
    • Bay of Islands
    • Whangarei
    • Dargaville
    • Kaipara
    • Mangawhai
  • Auckland
  • Waikato
    • All Waikato
    • Hamilton
    • Coromandel & Hauraki
    • Matamata & Piako
    • Cambridge
    • Te Awamutu
    • Tokoroa & South Waikato
    • Taupō & Tūrangi
  • Bay of Plenty
    • All Bay of Plenty
    • Katikati
    • Tauranga
    • Mount Maunganui
    • Pāpāmoa
    • Te Puke
    • Whakatāne
  • Rotorua
  • Hawke's Bay
    • All Hawke's Bay
    • Napier
    • Hastings
    • Havelock North
    • Central Hawke's Bay
    • Wairoa
  • Taranaki
    • All Taranaki
    • Stratford
    • New Plymouth
    • Hāwera
  • Manawatū - Whanganui
    • All Manawatū - Whanganui
    • Whanganui
    • Palmerston North
    • Manawatū
    • Tararua
    • Horowhenua
  • Wellington
    • All Wellington
    • Kapiti
    • Wairarapa
    • Upper Hutt
    • Lower Hutt
  • Nelson & Tasman
    • All Nelson & Tasman
    • Motueka
    • Nelson
    • Tasman
  • Marlborough
  • West Coast
  • Canterbury
    • All Canterbury
    • Kaikōura
    • Christchurch
    • Ashburton
    • Timaru
  • Otago
    • All Otago
    • Oamaru
    • Dunedin
    • Balclutha
    • Alexandra
    • Queenstown
    • Wanaka
  • Southland
    • All Southland
    • Invercargill
    • Gore
    • Stewart Island
  • Gisborne

Media

  • Video
    • All Video
    • NZ news video
    • Herald NOW
    • Business news video
    • Politics news video
    • Sport video
    • World news video
    • Lifestyle video
    • Entertainment video
    • Travel video
    • Markets with Madison
    • Kea Kids news
  • Podcasts
    • All Podcasts
    • The Front Page
    • On the Tiles
    • Ask me Anything
    • The Little Things
  • Cartoons
  • Photo galleries
  • Today's Paper - E-editions
  • Photo sales
  • Classifieds

NZME Network

  • Advertise with NZME
  • OneRoof
  • Driven Car Guide
  • BusinessDesk
  • Newstalk ZB
  • Sunlive
  • ZM
  • The Hits
  • Coast
  • Radio Hauraki
  • The Alternative Commentary Collective
  • Gold
  • Flava
  • iHeart Radio
  • Hokonui
  • Radio Wanaka
  • iHeartCountry New Zealand
  • Restaurant Hub
  • NZME Events

SubscribeSign In
Advertisement
Advertise with NZME.
Home / Business

Juha Saarinen: Efail security scare fails to kill off email

Juha Saarinen
By Juha Saarinen
Tech blogger for nzherald.co.nz.·NZ Herald·
22 May, 2018 05:00 PM5 mins to read

Subscribe to listen

Access to Herald Premium articles require a Premium subscription. Subscribe now to listen.
Already a subscriber?  Sign in here

Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech.
‌
Save

    Share this article

Email will live on like the impossible to kill zombie it is. Photo / Getty Images

Email will live on like the impossible to kill zombie it is. Photo / Getty Images

Juha Saarinen
Opinion by Juha Saarinen
Tech writer for NZ Herald.
Learn more

Of all the internet applications out there, nothing much beats email for being popular yet dangerously flawed at the same time.

Email was designed to ensure messages reached their intended recipients, with no real thought given to making it secure.

This is why email carries spam, malware, tracking code and can be intercepted easily.

It's also simple to forge messages so that they appear to have been sent by someone you know, when in fact they were transmitted by malicious people.

Despite email being horrendously abused by every cyber miscreant under the sun, we continue to use it.

Advertisement
Advertise with NZME.
Advertisement
Advertise with NZME.

More than that, we entrust email to carry some very personal messages and information, business secrets and government business, thinking it's safe to do so when it really isn't.

Email addresses are even used as logins, which is just asking for it.

Over the years, there have been attempts at plugging the gaping security holes in email.

This includes scanning messages to filter out malicious ones, and encrypting communications between your mail program, the internet provider's server and onward links to recipients.

Yes, it's true that traffic wasn't encrypted in the past and some providers still leave it totally open.

Discover more

Opinion

Juha Saarinen: Getting online rugby ready for kick off

17 Apr 08:29 AM
Opinion

Juha Saarinen: Security flaw alleged in Census website

24 Apr 10:00 PM
Employment

No bright young coding techies for hire

01 May 08:43 AM
Business

Comment: What's the fuss about Google's AI?

15 May 07:10 AM

An earlier workaround to make it safer to send sensitive stuff over unencrypted channels was to scramble the email messages themselves. That way, even if messages were intercepted, only the person who had the correct digital key could read them.

Think of it as a super strong envelope around your message.

Advertisement
Advertise with NZME.

If you know what (Open)PGP stands for, then you're one of not very many patient techie people who've encrypted and decrypted messages (and other data) despite the software being a bear to use. I still use it every now and then, but it's rare to receive an encrypted message even though PGP has been around for decades.

Nevertheless, there are PGP emails with secrets that people don't want others to see.

When a bunch of German researchers said they'd found a weakness in the protocol that could be used to unscramble captured messages, security experts sat up and took notice.

Long story short, the researchers had found that a bug discovered almost two decades ago had not been patched by many email programs and addons. The researchers called it "Efail" (geddit?) and you can read about it on https://efail.de

The flaw meant attackers, who had somehow snagged encrypted messages, could send them again to the original recipient whose buggy mail program would decrypt the emails.

Then, by abusing web-style active content inserted in emails, attackers could get the clear text messages sent to them.

Advertisement
Advertise with NZME.

Efail is a real threat for the relatively few people who bother to encrypt messages in email programs; they should patch immediately, and never use HTML and other active content in emails (nor should anyone else, no matter how pretty it makes messages look).

Another threat along the same lines is described a few pages down in the researchers' paper. It involves the Secure Multipurpose Internet Mail Extension (S/MIME) cryptographic protocol and email gateways.

S/MIME is used by enterprises and governments. Deploying it via an email gateway that does the encryption and decryption heavy lifting, as opposed to in email programs, makes life less complicated for users and means you can do things like malware scanning and spam filtering.

However, S/MIME is also old tech and the flaw in that protocol that Efail exploits won't be fixed. It means attackers could try to use gateways to decrypt emails.

The possibility of that should have the Department of Internal Affairs, which operates the SEEMail gateway, worried.

DIA describes SEEMail as a "secure email environment between government agencies which protects information classified as IN-CONFIDENCE, SENSITIVE or RESTRICTED." All the juicy stuff that mustn't leak out, in other words.

Advertisement
Advertise with NZME.

A DIA spokesperson said they are assessing what impact the vulnerability has, if any, on SEEMail, and that "we continue to work alongside government agencies to ensure our security posture is appropriate."

What that means remains to be seen, ditto whether or not the vendor that supplied SEEMail to the Government can fix the issue - and there really does seem to be a problem.

How would you fix this then? If you've made it this far, and come to the conclusion that email is fundamentally broken despite all the desperate wallpapering over the cracks, we should stop using it.

Many security experts suggest moving to modern end-to-end encrypted messenger apps like Signal.

They make your communications securely encrypted easily, without having to manage public and private keys and other complications.

However email's formal, letter-oriented focus on individual messages that are searchable and archivable would be too hard to drop, for businesses and government organisations especially.

Advertisement
Advertise with NZME.

That, and using email addresses as logon credentials for essential services.

Sadly, this means email will live on like the impossible to kill zombie it is, and that there will be many more Efails coming up in the future.

Save

    Share this article

Latest from Business

Premium
Opinion

Roger Partridge: The Dutch lessons NZ needs for regulatory reform

02 Jul 09:00 PM
Media Insider

Inside the mind of a TV genius: The desperate tactic to get The Casketeers to air

02 Jul 08:46 PM
Business

UK bond rates, toll roads and scrutiny of SOE pay

Audi offers a sporty spin on city driving with the A3 Sportback and S3 Sportback

sponsored
Advertisement
Advertise with NZME.

Latest from Business

Premium
Roger Partridge: The Dutch lessons NZ needs for regulatory reform

Roger Partridge: The Dutch lessons NZ needs for regulatory reform

02 Jul 09:00 PM

OPINION: Dutch workers produce 51% more output while working 300 fewer hours annually.

Inside the mind of a TV genius: The desperate tactic to get The Casketeers to air

Inside the mind of a TV genius: The desperate tactic to get The Casketeers to air

02 Jul 08:46 PM
UK bond rates, toll roads and scrutiny of SOE pay

UK bond rates, toll roads and scrutiny of SOE pay

KidsCan founder on how an abusive relationship shaped her empathy

KidsCan founder on how an abusive relationship shaped her empathy

02 Jul 07:00 PM
Gold demand soars amid global turmoil
sponsored

Gold demand soars amid global turmoil

NZ Herald
  • About NZ Herald
  • Meet the journalists
  • Newsletters
  • Classifieds
  • Help & support
  • Contact us
  • House rules
  • Privacy Policy
  • Terms of use
  • Competition terms & conditions
  • Our use of AI
Subscriber Services
  • NZ Herald e-editions
  • Daily puzzles & quizzes
  • Manage your digital subscription
  • Manage your print subscription
  • Subscribe to the NZ Herald newspaper
  • Subscribe to Herald Premium
  • Gift a subscription
  • Subscriber FAQs
  • Subscription terms & conditions
  • Promotions and subscriber benefits
NZME Network
  • The New Zealand Herald
  • The Northland Age
  • The Northern Advocate
  • Waikato Herald
  • Bay of Plenty Times
  • Rotorua Daily Post
  • Hawke's Bay Today
  • Whanganui Chronicle
  • Viva
  • NZ Listener
  • Newstalk ZB
  • BusinessDesk
  • OneRoof
  • Driven Car Guide
  • iHeart Radio
  • Restaurant Hub
NZME
  • About NZME
  • NZME careers
  • Advertise with NZME
  • Digital self-service advertising
  • Book your classified ad
  • Photo sales
  • NZME Events
  • © Copyright 2025 NZME Publishing Limited
TOP