Repo with test cases for covert content attacks

Stefan Claas sac at 300baud.de
Mon Aug 12 22:28:09 CEST 2019


Sebastian Schinzel wrote:

> Those are two different papers.
> 
> 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing
> and the repo is here:
> 
> https://github.com/RUB-NDS/Johnny-You-Are-Fired
> 
> 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? --
> Covert Content Attacks on Email End-to-End Encryption' and it contains
> some leftover attack cases that didn't make it into the Efail paper. It
> aims at exfiltrating the plaintext of encrypted mails, but with some
> degree of user interaction, e.g. replying to a malicious email.
> 
> Lots of test cases and I am not aware of any current list of what MUA
> fixed which issue (correctly or incorrectly).

Thanks for pointing that out! Even if I no longer use online computers
for encryption/decryption I may take the time and study the examples,
once time permits.

Best regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



More information about the Gnupg-users mailing list