NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: security clarification, efail-attack-paper.pdf
> On May 15, 2018, at 12:55 AM, Dave Huang <khym%azeotrope.org@localhost> wrote:
>
>> On 5/14/2018 18:59, George Georgalis wrote:
>> What exactly is the threat? All I can put together is an attacker can encrypt a malicious html email which, when rendered, makes http requests. Not always a good thing, but no different than if a victim renders non-encrypted html email anyway. Is that correct?
>
> My understanding is that if an attacker can pose as a man-in-the-middle for your email, they can modify an encrypted email so that when you receive it, it'll send the decrypted email to the attacker.
>
> --
>
This was my understanding of the most obvious attack as well.
Another one might be to email someone an encrypted file you ready have to get it decrypted for you (passwords.txt.pgp found in your company git repo or something)
I thought the risk seemed lowish but I am not as creative as evil hackers tend to be. :)
Home |
Main Index |
Thread Index |
Old Index