EFail - OpenPGP S/MIME Vulnerability
Shawn K. Quinn
skquinn at rushpost.com
Wed May 16 17:27:33 PDT 2018
On 05/15/2018 12:05 AM, Marina Brown wrote:
> Remember the campaign against HTML email ? I do.
> We were right.
The campaign is still ongoing. Maybe we have lost in the case of the
vast majority of marketing/advertising lists, but Thunderbird and other
email clients (thankfully) offer the option to not automatically load
external links by default.
I do think a future version (actually, the next version) of Thunderbird
and/or Enigmail need to put up a big huge "danger" warning when they
detect HTML email mixed with encrypted content, especially when it looks
like someone has tried to put an encrypted blob as the destination of a
link (which as I understand it, is how this exploit works). There's no
good reason to do this, and plenty of bad reasons.
--
Shawn K. Quinn <skquinn at rushpost.com>
http://www.rantroulette.com
http://www.skqrecordquest.com
More information about the cypherpunks
mailing list