Full Disclosure mailing list archives
Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 17 Jun 2013 14:53:28 -0400
On Mon, Jun 17, 2013 at 2:49 PM, Daniël W. Crompton <daniel.crompton () gmail com> wrote:

how would that work? AFAIK S/MIME is public key cryptography, how would you decrypt a message which is not encrypted with your public key?

Exactly. How does one decrypt when they don't hold the private key? That magic button would come in handy for a lot of folks.

Jeff

On 17 June 2013 20:17, Jeffrey Walton <noloader () gmail com> wrote:

On Mon, Jun 17, 2013 at 11:19 AM, ACROS Security Lists <lists () acros si> wrote:

Valdis,

No, that's how to do it *hardline*. There's many in the security industry that will explain to you that it's also doing it *wrong*. Hint - the first time that HR sends out a posting about a 3-day window next week to change your insurance plan without penalty, signs it with something that doesn't match the From:, and the help desk is deluged by phone calls from employees who can't read the mail, the guy who put "You shall not pass" in place will be starting a job hunt.

If there was an industry standard specifying the you-shall-not-pass for all web browsers, it wouldn't be the guy (developer) who put this roadblock in place that would start a job hunt but someone within the company whose job was to avoid the roadblock by making sure the cert that HR is using was okay. That would happen a couple of times, and then not any more, as people have great capacity for learning.....

...

If I get an encrypted message that was mistakenly not encrypted with my key, it would be very productive to have a "Just decrypt anyway" button but we obviously don't have that.

...

A lot of folks would like to have that button ;)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Defence in Depth (Jun 15)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Daniël W. Crompton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Darius Jahandarie (Jun 18)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Alex (Jun 18)