NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: security clarification, efail-attack-paper.pdf



On 5/14/2018 18:59, George Georgalis wrote:
What exactly is the threat? All I can put together is an attacker can encrypt a malicious html email which, when rendered, makes http requests. Not always a good thing, but no different than if a victim renders non-encrypted html email anyway. Is that correct?

My understanding is that if an attacker can pose as a man-in-the-middle for your email, they can modify an encrypted email so that when you receive it, it'll send the decrypted email to the attacker.

--
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
Telegram: @dahanc        |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 42 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++



Home | Main Index | Thread Index | Old Index