Re: security clarification, efail-attack-paper.pdf

To: netbsd-users <netbsd-users%netbsd.org@localhost>
Subject: Re: security clarification, efail-attack-paper.pdf
From: Dave Huang <khym%azeotrope.org@localhost>
Date: Mon, 14 May 2018 23:55:24 -0500

On 5/14/2018 18:59, George Georgalis wrote:

What exactly is the threat? All I can put together is an attacker canencrypt a malicious html email which, when rendered, makes httprequests. Not always a good thing, but no different than if a victimrenders non-encrypted html email anyway. Is that correct?

My understanding is that if an attacker can pose as a man-in-the-middlefor your email, they can modify an encrypted email so that when youreceive it, it'll send the decrypted email to the attacker.


--
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
Telegram: @dahanc        |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 42 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++

Follow-Ups:
- Re: security clarification, efail-attack-paper.pdf
  - From: Matt Sporleder

References:
- security clarification, efail-attack-paper.pdf
  - From: George Georgalis

Prev by Date: security clarification, efail-attack-paper.pdf
Next by Date: Re: security clarification, efail-attack-paper.pdf
Previous by Thread: security clarification, efail-attack-paper.pdf
Next by Thread: Re: security clarification, efail-attack-paper.pdf
Indexes:

Home | Main Index | Thread Index | Old Index