Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Facebook positive step to use PGP for sending encrypted notification emails

Facebook users can add PGP keys to their profiles in order to receive “end-to-end” encrypted notification emails sent from Facebook. On June 1, 2015, Facebook announced a new security feature to enhance the privacy of notification email content. Now, Facebook users are able to add PGP keys to their profiles in order to receive “end-to-end” […]

Facebook positive step to use PGP for sending encrypted notification emails

Facebook users can add PGP keys to their profiles in order to receive “end-to-end” encrypted notification emails sent from Facebook.

On June 1, 2015, Facebook announced a new security feature to enhance the privacy of notification email content. Now, Facebook users are able to add PGP keys to their profiles in order to receive “end-to-end” encrypted notification emails sent from Facebook to their preferred email accounts. Also, this feature allows users to share OpenPGP keys from their profiles, with or without enabling encrypted notifications. Using PGP technology to send emails keeps potentially sensitive messages out of the hands of hackers and other snoopers.

As this feature is enabled, notification emails will be encrypted via the public keys provided by users. These may include account recovery notification emails. Therefore, if users cannot decrypt messages in the future due to loss of keys or other issues and if users also become locked out of Facebook, recovery of Facebook account may not be possible.

PGP stands for Pretty Good Privacy and created by Phil Zimmermann in 1991. This is known as one of the most popular email encryption standards that uses public key cryptography and Facebook has chosen to use GNU Privacy Guard – “GPG” – a widely used and free implementation of the OpenPGP standard.

Facebook took a major step forward to improve the privacy of users that is admired by security experts like Alex Stamos, Yahoo’s CISO.

“Great work by the Facebook team!” he twitted.

After users enable this feature, Facebook send an email containing an attachment named encrypted.asc that must be decrypted to retrieve a required link for finalizing enablement of encrypted notification emails.

facebook pgp notification

Facebook’s move will bring encryption to the fore, but the problem here, of course, is that most people have no idea how public-key cryptography works and how to even get started with it.

About the Author

Ali Taherian (@ali_taherian) is an enthusiastic information security Officer. He’s finished his education in information security and has recently been involved in banking software and payment security industry. Taherian is proud to be certified IBM Cloud Computing Solution Advisor and ECSA and enjoys sharing and tweeting about security advances and news.

Edited by Pierluigi Paganini

(Security Affairs –  Facebook , PGP)