On 05/15/2018 10:46 AM, Kurt Andersen (b) wrote:
People who run their GUI MUA to auto-decrypt and display undefanged HTML probably also run that client as root so the exploit is really quite a lot more risky than even the hype has made out.
I doubt that.I'm sure that some of the people that do run their MUA as root / administrator will also auto-decrypt and render HTML.
But I'm fairly confident that auto-decrypting and rendering HTML is far more prevalent than running the MUA as root.
It's trivial for an end user to get an MUA to do that without requiring administrative privileges at all. Some MUAs, like the iPhone, do this automatically and end users have to go way out of their way to get root level access.
IMHO Efail is completely an unprivileged user level target. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
