EFail - OpenPGP S/MIME Vulnerability
mirimir at riseup.net
Mon May 14 16:49:05 PDT 2018
On 05/14/2018 06:48 AM, grarpamp wrote:
> The EFAIL attacks break PGP and S/MIME email encryption by coercing
> clients into sending the full plaintext of the emails to the attacker.
> In a nutshell, EFAIL abuses active content of HTML emails, for example
> externally loaded images or styles, to exfiltrate plaintext through
> requested URLs. To create these exfiltration channels, the attacker
> first needs access to the encrypted emails, for example, by
> eavesdropping on network traffic, compromising email accounts, email
> servers, backup systems or client computers. The emails could even
> have been collected years ago.
Thanks. That's the clearest explanation I've seen.
More information about the cypherpunks