On 14 Jul 2018, at 15:32 (-0400), Dave C wrote:
https://www.csoonline.com/article/3272067/security/researchers-warn-pgp-and-smime-users-of-serious-vulnerabilities.html
I didn’t see any mention of MM in the announcement (which has been
updated several times).
It was mentioned in the (now very stale) original description of the
problem at https://efail.de. As already said, Benny fixed MM's narrow
susceptibility to the problem before it was published.
The solution in general to this class of "vulnerability" is to simple:
do not generate HTML email, do not ever load any type of remote URLs in
any messages without having consciously evaluated the specific
trustworthiness of each URL source (not just the message source,) and do
not by default interpret HTML in any message for rendering.
(Yeah, I know... Why would anyone listen to me on that matter now after
ignoring me and many others for the past ~25 years? )
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
_______________________________________________
mailmate mailing list
[email protected]
https://lists.freron.com/listinfo/mailmate
