Jean-Marc Desperrier wrote on 7/24/2009 1:09 PM: 
> The most serious attack seems to me to be that the attacker can know
> *when* exactly you read any given mail.

I hadn't thought of that, but I do now see that as a reason to turn it off 
entirely for any messaging application.  You're right, it wouldn't be too hard 
to marry wildcard DNS with specially-crafted tracking links to know when the 
user has viewed the message (which is why many messaging applications disable 
remote image fetching by default).


- Bil

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
