Efail

F Rafi farhanible at gmail.com
Wed May 16 15:49:25 CEST 2018


Oh man.. check a few of the previous list emails on this subject. They're
fairly detailed.

Farhan

On Wed, May 16, 2018 at 3:04 AM, eira wahlin <panina at nonbinary.me> wrote:

> Hi.
> I've been looking at a vulnerability in mail clients using pgp, described
> at efail.de. It is a technique where an attacker would inject an HTML IMG
> tag in an email, enveloping the encrypted text. This would send the
> cleartext message to the server indicated in the IMG tag.
>
> To me, it seems that this attack would be defeated by signing the
> encrypted message, which (to my knowledge) most email clients do by
> default.
>
> Am I missing something here? How do clients generally handle partially
> signed messages? Would they decrypt an encrypted message, if it would be
> enveloped in a cleartext IMG tag?
>
> Panina, malmö, sweden
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.