[Ach] filippo on SSL SMTP encryption

Aaron Zauner azet at azet.org
Wed Apr 1 20:57:31 CEST 2015


Jeroen Massar wrote:
> I am heavily hinting that these things are already happening.
> Thus that such an attack (injection of anything) is reality.

I know. But I'm not aware of that happening w.r.t. HPKP/HSTS headers.

> Actually the above attack caused every foreign connection to have the
> malicious injection. The local Chinese, being inside the firewall, did
> not get the injection.

They injected a JavaScript Payload that opens connections to GitHub as a
DoS technique. How is that related to Denial of Service of security
headers we're discussing here?

