On 5/14/2018 18:59, George Georgalis wrote:
What exactly is the threat? All I can put together is an attacker can encrypt a malicious html email which, when rendered, makes http requests. Not always a good thing, but no different than if a victim renders non-encrypted html email anyway. Is that correct?
My understanding is that if an attacker can pose as a man-in-the-middle for your email, they can modify an encrypted email so that when you receive it, it'll send the decrypted email to the attacker.
-- Name: Dave Huang | Mammal, mammal / their names are called / INet: [email protected] | they raise a paw / the bat, the cat / Telegram: @dahanc | dolphin and dog / koala bear and hog -- TMBG Dahan: Hani G Y+C 42 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
