Security: visual spoofing of email (address, name), attachment name, etc.

Open dumblob opened this issue 3 years ago • 4 comments

🗣 Suggestion

Current severe issues making it impossible to visually detect there is something wrong with the contents you're dealing with:

https://www.virtuesecurity.com/pentesting-user-interfaces/

Note, I didn't test this in Cypht, but I think there could be some more countermeasures implemented :wink:.

dumblob avatar Jul 29 '20 21:07 dumblob

I think we are safe from some of this, but I am definitely going to test it out :)

jasonmunro avatar Jul 29 '20 22:07 jasonmunro

@dumblob Any chance you could do a quick test?

marclaporte avatar Jul 31 '22 19:07 marclaporte

No time now to set up a current Cypht version. But let us fill the following table first:

| particular visual spoofing | permalink to source code line(s) dealing with it |
| --- | --- |
| URLs in email bodies (both in plain text and HTML) | MISSING |
| attachment names | MISSING |
| email addresses "everywhere" (in email headers, bodies, etc.) | MISSING |
| RTL/LTR domains | MISSING |

dumblob avatar Nov 07 '22 16:11 dumblob
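
Added example, not part of the thread and not Cypht code: one way a mail client could flag the display-level tricks named in the table above before rendering attachment names, sender names and domains. The function names, the character set and the samples are assumptions constructed for illustration, and the mixed-script domain check goes beyond the rows listed in the table.

```php
<?php
// Added illustration; not Cypht code. All function names are hypothetical.

// Bidi controls and invisible characters that can reorder or hide displayed text.
const SPOOF_CHARS = '/[\x{061C}\x{200B}-\x{200F}\x{202A}-\x{202E}\x{2060}\x{2066}-\x{2069}\x{FEFF}]/u';

/** Return the code points (as "U+XXXX") of risky characters in a display string. */
function find_spoof_chars(string $text): array {
    preg_match_all(SPOOF_CHARS, $text, $m);
    return array_map(fn($c) => sprintf('U+%04X', mb_ord($c, 'UTF-8')), $m[0]);
}

/** Replace risky characters with a visible marker so they cannot act on screen. */
function neutralize(string $text): string {
    return preg_replace_callback(SPOOF_CHARS,
        fn($m) => sprintf('[U+%04X]', mb_ord($m[0], 'UTF-8')), $text);
}

/** True when one domain label mixes Latin letters with Cyrillic or Greek ones. */
function has_mixed_script_label(string $domain): bool {
    foreach (explode('.', $domain) as $label) {
        $latin = preg_match('/\p{Latin}/u', $label) === 1;
        $other = preg_match('/[\p{Cyrillic}\p{Greek}]/u', $label) === 1;
        if ($latin && $other) {
            return true;
        }
    }
    return false;
}

// Constructed samples covering attachment names, sender names and domains.
$samples = [
    'attachment name' => "invoice\u{202E}fdp.exe",      // RLO reverses the visible tail
    'display name'    => "billing@example.com\u{200B}", // trailing zero-width space
    'domain'          => "ex\u{0430}mple.com",          // Cyrillic letter inside a Latin label
];
foreach ($samples as $kind => $value) {
    printf("%-16s %-30s chars=%s mixed=%s\n", $kind, neutralize($value),
        implode(',', find_spoof_chars($value)) ?: '-',
        has_mixed_script_label($value) ? 'yes' : 'no');
}
```

Run with PHP 7.4 or later with the mbstring extension enabled; the output shows each sample with its risky code points made visible instead of silently rendered.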