[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EFail - OpenPGP S/MIME Vulnerability

Subject: EFail - OpenPGP S/MIME Vulnerability
From: skquinn at rushpost.com (Shawn K. Quinn)
Date: Wed, 16 May 2018 19:27:33 -0500
In-reply-to: <[email protected]>
References: <CAD2Ti2_u_=Tvvp0nGwGkvj1pUKj+UAn9UdhkGKfr_DVpb2hQWg@mail.gmail.com> <[email protected]> <[email protected]>

On 05/15/2018 12:05 AM, Marina Brown wrote:
> Remember the campaign against HTML email ? I do.
> We were right.

The campaign is still ongoing. Maybe we have lost in the case of the
vast majority of marketing/advertising lists, but Thunderbird and other
email clients (thankfully) offer the option to not automatically load
external links by default.

I do think a future version (actually, the next version) of Thunderbird
and/or Enigmail need to put up a big huge "danger" warning when they
detect HTML email mixed with encrypted content, especially when it looks
like someone has tried to put an encrypted blob as the destination of a
link (which as I understand it, is how this exploit works). There's no
good reason to do this, and plenty of bad reasons.

-- 
Shawn K. Quinn <skquinn at rushpost.com>
http://www.rantroulette.com
http://www.skqrecordquest.com

Follow-Ups:
- EFail - OpenPGP S/MIME Vulnerability
  - From: mirimir at riseup.net (Mirimir)

References:
- EFail - OpenPGP S/MIME Vulnerability
  - From: grarpamp at gmail.com (grarpamp)
- EFail - OpenPGP S/MIME Vulnerability
  - From: mirimir at riseup.net (Mirimir)
- EFail - OpenPGP S/MIME Vulnerability
  - From: catskillmarina at gmail.com (Marina Brown)

Prev by Date: Tor Project Picks New Executive Director, Old One Joins Board
Next by Date: EFail - OpenPGP S/MIME Vulnerability
Previous by thread: EFail - OpenPGP S/MIME Vulnerability
Next by thread: EFail - OpenPGP S/MIME Vulnerability
Index(es):
- Date
- Thread