EFail - OpenPGP S/MIME Vulnerability
catskillmarina at gmail.com
Mon May 14 22:05:30 PDT 2018
On 05/14/2018 07:49 PM, Mirimir wrote:
> On 05/14/2018 06:48 AM, grarpamp wrote:
>> The EFAIL attacks break PGP and S/MIME email encryption by coercing
>> clients into sending the full plaintext of the emails to the attacker.
>> In a nutshell, EFAIL abuses active content of HTML emails, for example
>> externally loaded images or styles, to exfiltrate plaintext through
>> requested URLs. To create these exfiltration channels, the attacker
>> first needs access to the encrypted emails, for example, by
>> eavesdropping on network traffic, compromising email accounts, email
>> servers, backup systems or client computers. The emails could even
>> have been collected years ago.
> Thanks. That's the clearest explanation I've seen.
Remember the campaign against HTML email ? I do.
We were right.
More information about the cypherpunks