Repo with test cases for covert content attacks
Stefan Claas
sac at 300baud.de
Mon Aug 12 22:28:09 CEST 2019
Sebastian Schinzel wrote:
> Those are two different papers.
>
> 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing
> and the repo is here:
>
> https://github.com/RUB-NDS/Johnny-You-Are-Fired
>
> 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? --
> Covert Content Attacks on Email End-to-End Encryption' and it contains
> some leftover attack cases that didn't make it into the Efail paper. It
> aims at exfiltrating the plaintext of encrypted mails, but with some
> degree of user interaction, e.g. replying to a malicious email.
>
> Lots of test cases and I am not aware of any current list of what MUA
> fixed which issue (correctly or incorrectly).
Thanks for pointing that out! Even if I no longer use online computers
for encryption/decryption I may take the time and study the examples,
once time permits.
Best regards
Stefan
--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
More information about the Gnupg-users
mailing list