On 05/15/2018 10:46 AM, Kurt Andersen (b) wrote:
People who run their GUI MUA to auto-decrypt and display undefanged HTML
probably also run that client as root so the exploit is really quite a
lot more risky than even the hype has made out.
I doubt that.
I'm sure that some of the people that
On 05/15/2018 10:33 AM, Paul Rock wrote:
You're tapping next next next in your email client, the client loads my
message, sends me the decrypted text, and you scratch your head
wondering why you got two copies of the message.
The recipient shouldn't see the second copy of the decrypted
On 05/15/2018 10:09 AM, John Levine wrote:
I suppose, for the 10 seconds from the time the message is created until
the attacker's MTA signs it on the way out. The bad guy can put a return
address he controls on the malicious message and make the whole thing
DMARC compliant.
There is a much
If someone tries some sort of man in the middle inline injection attack to
pull this off, sure, I can see DKIM catching that. But the really really
nasty bit is the assumption is that you (the target) are running an email
client that automatically decrypts any inbound message and renders the
HTML
In article <66d513ca-f33d-748b-e394-bceb6e1da...@spamtrap.tnetconsulting.net>
you write:
>On 05/15/2018 08:15 AM, Kurt Andersen wrote:
>> Manipulating MIME structures in email messages to expose the encrypted
>> content: https://efail.de/
>
>DKIM will not help protect against
On 05/15/2018 08:15 AM, Kurt Andersen wrote:
Manipulating MIME structures in email messages to expose the encrypted
content: https://efail.de/
DKIM will not help protect against #Efail.
Efail works by copying ciphertext into a new message and arranging for
the client to decrypt it. Said new
> On May 15, 2018, at 7:15 AM, Kurt Andersen wrote:
>
> Manipulating MIME structures in email messages to expose the encrypted
> content: https://efail.de/
While I'd agree that the whole efail thing is a little over-hyped, I don't see
where in the exploit process having
Manipulating MIME structures in email messages to expose the encrypted
content: https://efail.de/
--Kurt
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc