Repo with test cases for covert content attacks
sac at 300baud.de
Mon Aug 12 22:28:09 CEST 2019
Sebastian Schinzel wrote:
> Those are two different papers.
> 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing
> and the repo is here:
> 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? --
> Covert Content Attacks on Email End-to-End Encryption' and it contains
> some leftover attack cases that didn't make it into the Efail paper. It
> aims at exfiltrating the plaintext of encrypted mails, but with some
> degree of user interaction, e.g. replying to a malicious email.
> Lots of test cases and I am not aware of any current list of what MUA
> fixed which issue (correctly or incorrectly).
Thanks for pointing that out! Even if I no longer use online computers
for encryption/decryption I may take the time and study the examples,
once time permits.
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
More information about the Gnupg-users