More mail madness?


 



This is a security issue certainly, but it is a particular type of issue that arises from attempting to analyze the security of a large and complex system built from parts whose interactions are so complicated that they are never likely to be sufficiently understood.


Basically the attack is to create a new multipart MIME message and sandwich the ciphertexts we wish to break between chunks of HTML with a URL reference to a web server we control.

This sort of attack could be devastating in certain situations.


The other attack they describe, the CBC gadget attack, is one that I have already been using a control against. I use a key derivation function to calculate IVs rather than passing them in-band. I started doing this because it cleans up the message flows a lot, but it also turns out to have security advantages.
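The following sketch of deriving the IV from a key derivation function instead of carrying it in-band is an added example, not code from the post or its author. The choice of HKDF-SHA256 (RFC 5869), the label strings, the salt length and all function names are assumptions; the message does not say which KDF or layout is used.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense the input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key_and_iv(master_secret: bytes, message_salt: bytes):
    """Derive the content key and the CBC IV from one per-message salt.

    Only the salt travels with the ciphertext; the IV is never a field on
    the wire. Changing the salt in transit changes the key as well as the
    IV, so the IV cannot be chosen independently of the key.
    """
    if len(message_salt) < 16:
        raise ValueError("per-message salt too short")
    prk = hkdf_extract(message_salt, master_secret)
    # Distinct labels (hypothetical names) keep the two outputs independent.
    key = hkdf_expand(prk, b"example/content-key", 32)
    iv = hkdf_expand(prk, b"example/cbc-iv", 16)
    return key, iv


if __name__ == "__main__":
    master = os.urandom(32)   # constructed sample secret shared by both ends
    salt = os.urandom(32)     # constructed per-message salt, sent with the message
    sender = derive_key_and_iv(master, salt)
    recipient = derive_key_and_iv(master, salt)
    print("recipient recomputed the same key and IV:", sender == recipient)
```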
