On Wed, Apr 08, 2020, Kevin Chadwick wrote: > You missed some out. I assume on purpose.
Wrong "assumption"; I did it to keep it short -- I included the info how someone could find the details. > So it does require internal users to make an action and a MITM or outbound > connection to an attacker controlled server and not an incoming connection... Yes, it requires you to send mail according to the exploit that was posted. I did not try it myself and I did not see a followup stating "this does not work". So if that example does not work, maybe someone can clarify? > Qualsys chose to call that remote, at a stretch. Either way, it does not > change It seems to be similar to "if you visit a compromised website"... Anyway, it doesn't seem to be productive to argue terminology etc, hence: sorry for the interruption and I stop now. - Address is valid for this mailing list only, please do not reply to it direcly, but to the list.
