Martin Seeger @Masek@octodon.social

@kensanata Summary: MIME-Parsers are faulty, we knew that.

This attack is a neat trick to include a message I cannot decipher and send it to someone else to decipher it and exfiltrate it back through an image URL or similar.

MUAs that call external URLs are a security risk. This was already known. This is just creatively using the problem to decipher a secret message.

@kensanata As far as I understood, the attack works as follows:

1) Alice sends Bob an encrypted message, I intercept it but cannot read it.

2) I craft a new email to Bob and include the crypted text as a MIME attachment.

3) Bob decrypts the complete email; through an error in his MIME parser, the decrypted text from Alice becomes part of a larger HTML text.

4) By displaying the HTML mail, the secret message may be exfiltrated as part of a URL.

Concerning the PGP & S/MIME security alert today, as far as I understood, the attack works as follows:

1) Alice sends Bob an encrypted message, I intercept it but cannot read it.

2) I craft a new email to Bob and include the crypted text as a MIME attachment.

3) Bob decrypts the complete email; through an error in his MIME parser, the decrypted text from Alice becomes part of a larger HTML text.

4) By displaying the HTML mail, the secret message may be exfiltrated as part of a URL.
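The structural precondition for the attack described in the steps above is an encrypted part that shares a MIME container with text/html parts, so that the decrypted output can end up inside attacker-controlled HTML. The check below is an added example from the editor, not code from the original toots or from any mail client; it uses only Python's standard `email` package, treats the content types in `ENCRYPTED_TYPES` and the PGP armor header as markers of encrypted content (an assumption), and runs on two constructed sample messages embedded in the block (placeholder ciphertext, no real keys). It reports encrypted parts that have HTML siblings and derives a simple "do not decrypt automatically" policy from that, which is the defensive counterpart of not rendering decrypted text in the same document as remote-loading HTML.

```python
"""Flag e-mails whose MIME layout mixes encrypted parts with text/html siblings.

Added example (editor's own code, not from the original post). Assumes that
the content types in ENCRYPTED_TYPES, plus an inline PGP armor header, are
what a mail client would hand to its decryption routine.
"""
from email import message_from_string
from email.message import Message

ENCRYPTED_TYPES = {"multipart/encrypted", "application/pkcs7-mime", "application/pgp-encrypted"}
PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"


def is_encrypted_part(part: Message) -> bool:
    """True for PGP/MIME or S/MIME parts and for leaf parts carrying inline PGP armor."""
    if part.get_content_type() in ENCRYPTED_TYPES:
        return True
    if not part.is_multipart():
        payload = part.get_payload(decode=True) or b""
        return PGP_ARMOR in payload
    return False


def find_risky_layout(msg: Message) -> list:
    """Return one finding per encrypted part that has text/html siblings in its container.

    'index' is the child's position inside the container; 'html_before' and
    'html_after' say on which side(s) the HTML siblings sit.
    """
    findings = []
    for container in msg.walk():
        if not container.is_multipart():
            continue
        # A PGP/MIME container holds only the version control part and the ciphertext.
        if container.get_content_type() == "multipart/encrypted":
            continue
        children = container.get_payload()
        html_positions = [i for i, c in enumerate(children) if c.get_content_type() == "text/html"]
        for i, child in enumerate(children):
            if not is_encrypted_part(child):
                continue
            before = any(p < i for p in html_positions)
            after = any(p > i for p in html_positions)
            if before or after:
                findings.append({
                    "container": container.get_content_type(),
                    "index": i,
                    "html_before": before,
                    "html_after": after,
                })
    return findings


def should_auto_decrypt(msg: Message) -> bool:
    """Policy: decrypt without asking only when no encrypted part has HTML siblings."""
    return not find_risky_layout(msg)


# Constructed sample: an encrypted part wedged between two HTML parts (the risky shape).
SAMPLE_RISKY = """\
From: sender@example.invalid
To: bob@example.invalid
Subject: constructed sample (risky layout)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="boundary-one"

--boundary-one
Content-Type: text/html

<html><body><p>constructed HTML before the ciphertext</p>
--boundary-one
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(constructed placeholder ciphertext, not a real message)
-----END PGP MESSAGE-----
--boundary-one
Content-Type: text/html

<p>constructed HTML after the ciphertext</p></body></html>
--boundary-one--
"""

# Constructed sample: a plain PGP/MIME message, the layout a normal encrypted mail has.
SAMPLE_NORMAL = """\
From: alice@example.invalid
To: bob@example.invalid
Subject: constructed sample (normal PGP/MIME)
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="boundary-two"

--boundary-two
Content-Type: application/pgp-encrypted

Version: 1
--boundary-two
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder ciphertext, not a real message)
-----END PGP MESSAGE-----
--boundary-two--
"""

if __name__ == "__main__":
    for label, raw in (("risky", SAMPLE_RISKY), ("normal", SAMPLE_NORMAL)):
        msg = message_from_string(raw)
        print(label, "auto-decrypt:", should_auto_decrypt(msg), find_risky_layout(msg))
```

The check is deliberately conservative: any HTML sibling of an encrypted part is enough to withhold automatic decryption, because a legitimate encrypted mail normally consists of the encrypted part alone. The other half of the mitigation the toot alludes to, not loading remote content in HTML mail, is a client setting rather than something this parser can enforce.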

If you're working a lot in the IT security area, you will inevitably become very adept in interpreting Tarot cards and reading tea leaves ;-).

Contrary to all expectations, no trolley was involved in the fatal autonomous car accident.

Currently the best page on the performance impact of the Meltdown/Spectre mitigation: phoronix.com/scan.php?page=art

Current status: Trying to get a torpedo-stricken battleship combat ready. I was graciously provided with one roll of duct tape.

@dredmorbius Why do you call people to flag me as spammer? Neither did I spam nor did I put the pic in any wrong context.

Concerning female tech talent, I think shows like America's Next Top Model are weapons of mass destruction. As dumb as Damore's memo was, compared to the impact of such shows he is small fry.

@dredmorbius That was logical as the guilty party owed Wergeld (English Weregild). Guilt resulted in debt. If you could or would not pay, a blood feud was the result.

Of Risk, Traffic Accidents, and Giant Flaming Meteors of Death

"The question of risk, and risk pricing has been on my mind. In particular, the difficulty in portraying the significance of small, contained, individual risk vs. global, catastrophic, highly correlated, and/or existential risk. This is a distinction which is poorly captured in much discussion...."

redd.it/6vh47p
#dreddit

@dredmorbius Martin's law of risk perception: The perceived risk is proportional to the font size in the newspaper ;-).

Two weeks to go till my summer vacation this year. I feel deadly tired...

@ddeimeke That's why I always bring my own ;-)

@sydneyfalk I did not want to address the conservatives themselves. They are beyond my reach. But I want to address those people who elect them because they have a hope they may get help from those. I want to make clear these hopes are in vain. Not because conservative politicians are dishonest (though they may be) but because in order to "help" the rural areas, measures need to be implemented that conservatives never will approve.

Conservative politics are an easy sell in rural areas. But the problem is: they just *CANNOT* deliver.

To stop the decline of rural America, a level of government intervention would be required that is 100% incompatible with the conservative core ideology.

plus.google.com/u/0/+KristianK