[kwlug-disc] EFail: S/MIME & GPG
Mikalai Birukou
mb at 3nsoft.com
Mon May 14 11:24:32 EDT 2018
Random thoughts about efail
4) Isolation of contexts for encrypted and untrusted parts of the message.
5) XSS going wild. Quote: "We used well-known Cross Site Scripting test
vectors and placed them in various header fields like Subject: as well
as in the mail body. We identified five mail clients which are prone to
JavaScript execution, allowing the construction of particularly flexible
backchannels."
On 2018-05-14 11:00 AM, Mikalai Birukou via kwlug-disc wrote:
> Maybe you've heard about the efail paper:
> https://efail.de/efail-attack-paper.pdf
>
> Check out Table 4, on page 11, to see if your setup is affected.
>
> Partial mitigation is to turn auto-decrypt. Messages can be decrypted,
> opened and viewed only when you're detached from the net.
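
Added example, not part of the original post or of the efail paper: one way to check point 4 on stored mail is to flag messages where an encrypted MIME part sits beside unencrypted HTML in the same multipart container, the layout in which a client without context isolation could render both together. The function names, the heuristic and both sample messages are constructed for illustration.

```python
from email import message_from_string

# MIME types that mark an S/MIME or PGP/MIME encrypted part.
ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime",
                   "multipart/encrypted"}

def is_encrypted(part):
    """True for S/MIME, PGP/MIME, or a text part carrying inline armored PGP."""
    if part.get_content_type() in ENCRYPTED_TYPES:
        return True
    if part.get_content_maintype() == "text":
        return b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b"")
    return False

def mixed_context_findings(raw):
    """List (container type, encrypted part type) where ciphertext has plain HTML siblings."""
    findings = []
    for container in message_from_string(raw).walk():
        # multipart/encrypted holds only its own control part and ciphertext.
        if not container.is_multipart() or container.get_content_type() == "multipart/encrypted":
            continue
        children = container.get_payload()
        html = [c for c in children
                if c.get_content_type() == "text/html" and not is_encrypted(c)]
        if html:
            findings += [(container.get_content_type(), c.get_content_type())
                         for c in children if is_encrypted(c)]
    return findings

# Constructed samples: the base64 body is a placeholder, not real ciphertext.
SUSPICIOUS = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>unencrypted part one</p>
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--b1
Content-Type: text/html

<p>unencrypted part two</p>
--b1--
"""
CLEAN = "MIME-Version: 1.0\nContent-Type: application/pkcs7-mime\n\nQ09OU1RSVUNURUQ=\n"
```

A hit is a reason to open the message only in a client that renders the decrypted part separately from the rest, not proof of tampering: some legitimate senders and list software also wrap encrypted parts in multipart/mixed.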