Full Disclosure mailing list archives
Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 17 Jun 2013 14:17:06 -0400
On Mon, Jun 17, 2013 at 11:19 AM, ACROS Security Lists <lists () acros si> wrote:
Valdis,No, that's how to do it *hardline*. There's many in the security industry that will explain to you that it's also doing it *wrong*. Hint - the first time that HR sends out a posting about a 3-day window next week to change your insurance plan without penalty, signs it with something that doesn't match the From:, and the help desk is deluged by phone calls from employees who can't read the mail, the guy who put "You shall not pass" in place will be starting a job hunt.If there was an industry standard specifying the you-shall-not-pass for all web browsers, it wouldn't be the guy (developer) who put this roadblock in place that would start a job hunt but someone within the company whose job was to avoid the roadblock by making sure the cert that HR is using was okay. That would happen a couple of times, and then not any more, as people have great capacity for learning. .... ... If I get an encrypted message that was mistakenly not encrypted with my key, it would be very productive to have a "Just decrypt anyway" button but we obviously don't have that. ...
A lot of folks would like to have that button ;) Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Defence in Depth (Jun 15)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Lossof Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Lossof Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity Daniƫl W . Crompton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Lossof Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Darius Jahandarie (Jun 18)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Alex (Jun 18)