"The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It is long known that HTML
mails and in particular external links like <img href="tla.org/TAG"/>
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML MIME parts which makes
it easy to plant such HTML snippets.
There are two ways to mitigate this attack:
- Don't use HTML mails. Or if you really need to read them use a
proper MIME parser and disallow any access to external links.
- Use authenticated encryption."
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
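
The first mitigation quoted above (a proper MIME parser, no access to external links) can be sketched as follows. This is an added example, not code from the quoted post or from GnuPG; the function names, the attribute list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Attributes that can make a mail client fetch a remote resource.
# Not exhaustive: CSS url() and <meta refresh> need separate handling.
URL_ATTRS = {"src", "href", "background", "poster", "action", "data", "srcset"}


class ExternalRefFinder(HTMLParser):
    """Records (tag, attribute, value) for every remote reference seen."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and "//" in value:
                self.refs.append((tag, name, value))


def audit_html_parts(raw: bytes):
    """Parse each text/html leaf on its own; never join parts before parsing."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = ExternalRefFinder()  # fresh parser state per MIME part
        finder.feed(part.get_content())
        finder.close()
        report.append(finder.refs)
    return report


def may_render_html(raw: bytes) -> bool:
    """Policy: show HTML only if no part references an external resource."""
    return not any(audit_html_parts(raw))


def build_sample() -> bytes:
    """Constructed message: one HTML part with a remote image, one without."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.add_attachment('<p>hi <img src="http://tracker.example/TAG"/></p>',
                       subtype="html", disposition="inline")
    msg.add_attachment("<p>second part, local only</p>",
                       subtype="html", disposition="inline")
    return msg.as_bytes()
```

Because every part gets its own parser instance, markup left open in one part cannot absorb the content of the next, which is the concatenation problem the post describes.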