[$] OpenPGP signature spoofing using HTML

by
jake
from LWN.net on (#40MG5)

Beyond just encrypting messages, and thus providing secrecy, the OpenPGPstandard also enables digitally signing messages to authenticatethe sender. Email applications and plugins usually verify thesesignatures automatically and will show whether an email contains a validsignature. However, with a surprisingly simple attack, it's often possibleto fool users by faking - or spoofing - the indication of a valid signature usingHTML email.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments