Konstantin WeddigeMy wife got me axolotl socks 😍
I had her draw the logo for #SalamanderMIME, so that's her way of connecting with my work.
Lutra SecurityOne week ago we were at #BSidesMunich2024 and if you didn't get a chance to attend, you can now catch up by watching the recordings.
For example, @weddige's talk about Kobold Letters And Other Mischief: https://www.youtube.com/watch?v=ko9cwRM3BZU
Kobold Letters And Other Mischief: How Emails Can Deceive You - Konstantin Weddige
the recording of my talk on #KoboldLetters and #SalamanderMIME is now on YouTube: https://www.youtube.com/watch?v=ko9cwRM3BZU
Kobold Letters And Other Mischief: How Emails Can Deceive You - Konstantin Weddige
Have you ever wondered what it means when you get an email that is encrypted but not signed? At the very least, it's better than being completely unencrypted, isn't it?
It turns out that's not necessarily the case. I've looked at S/MIME and found that it is possible to construct messages that, when sent to multiple recipients, are decrypted into completely different messages:
Salamander/MIME – Lutra Security
If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that tell each recipient a different story. Let’s talk about Salamander/MIME.
@lutrasecurity I'll be talking about Salamander/MIME and Kobold Letters at @BSidesMunich tomorrow:
Can you trust what you decrypt? In this article, we look at S/MIME-encrypted emails and exploit them to take the recipients into alternate versions of reality.
Salamander/MIME – Lutra Security
If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that tell each recipient a different story. Let’s talk about Salamander/MIME.