Re: Repo with test cases for covert content attacks
Sebastian Schinzel wrote: > Those are two different papers. > > 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing > and the repo is here: > > https://github.com/RUB-NDS/Johnny-You-Are-Fired > > 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? -- > Covert Content Attacks on Email End-to-End Encryption' and it contains > some leftover attack cases that didn't make it into the Efail paper. It > aims at exfiltrating the plaintext of encrypted mails, but with some > degree of user interaction, e.g. replying to a malicious email. > > Lots of test cases and I am not aware of any current list of what MUA > fixed which issue (correctly or incorrectly). Thanks for pointing that out! Even if I no longer use online computers for encryption/decryption I may take the time and study the examples, once time permits. Best regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Repo with test cases for covert content attacks
Am 12.08.19 um 17:47 schrieb Stefan Claas via Gnupg-users: > Sebastian Schinzel wrote: > >> Dear all, >> >> Jens Müller just gave a talk at DEFCON about Covert Content Attacks >> against S/MIME and OpenPGP encryption and digital signatures in the >> email context. He just published the PoC emails that he used in the talk >> and they might be useful for further testing. >> >> https://github.com/RUB-NDS/Covert-Content-Attacks >> >> This is the paper describing the attacks from April 2019: >> >> https://arxiv.org/abs/1904.07550 > > Thanks for the info. I do no longer use a GPG plug-in MUA > combination, but are these 'Johnny you are fired' issues > already been resolved? I must admit I am a bit out of the > loop. Those are two different papers. 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing and the repo is here: https://github.com/RUB-NDS/Johnny-You-Are-Fired 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? -- Covert Content Attacks on Email End-to-End Encryption' and it contains some leftover attack cases that didn't make it into the Efail paper. It aims at exfiltrating the plaintext of encrypted mails, but with some degree of user interaction, e.g. replying to a malicious email. Lots of test cases and I am not aware of any current list of what MUA fixed which issue (correctly or incorrectly). Best, Sebastian ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Repo with test cases for covert content attacks
Sebastian Schinzel wrote: > Dear all, > > Jens Müller just gave a talk at DEFCON about Covert Content Attacks > against S/MIME and OpenPGP encryption and digital signatures in the > email context. He just published the PoC emails that he used in the talk > and they might be useful for further testing. > > https://github.com/RUB-NDS/Covert-Content-Attacks > > This is the paper describing the attacks from April 2019: > > https://arxiv.org/abs/1904.07550 Thanks for the info. I do no longer use a GPG plug-in MUA combination, but are these 'Johnny you are fired' issues already been resolved? I must admit I am a bit out of the loop. Regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Repo with test cases for covert content attacks
Dear all, Jens Müller just gave a talk at DEFCON about Covert Content Attacks against S/MIME and OpenPGP encryption and digital signatures in the email context. He just published the PoC emails that he used in the talk and they might be useful for further testing. https://github.com/RUB-NDS/Covert-Content-Attacks This is the paper describing the attacks from April 2019: https://arxiv.org/abs/1904.07550 Best, Sebastian ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users