On Fri, Jul 11, 2014 at 2:12 PM, Richard Brooks <[email protected]> wrote:
> purports to be a secure email service. Did not look at it in > detail. Would be curious about critiques. Protonmail is (was?) vulnerable to the most trivial of reflective XSSes, executing scripts in email messages, which is catastrophic in a browser-based crypto program where the XSSed code can steal your keys: http://vimeo.com/99599725 Avoid! Avoid! -- Tony Arcieri
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
