[liberationtech] Allegedly secure email service
Tony Arcieri
bascule at gmail.com
Sun Jul 13 09:57:47 PDT 2014
On Fri, Jul 11, 2014 at 2:12 PM, Richard Brooks <rrb at g.clemson.edu> wrote:
> purports to be a secure email service. Did not look at it in
> detail. Would be curious about critiques.
Protonmail is (was?) vulnerable to the most trivial of reflective XSSes,
executing scripts in email messages, which is catastrophic in a
browser-based crypto program where the XSSed code can steal your keys:
http://vimeo.com/99599725
Avoid! Avoid!
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140713/3eece631/attachment.html>
More information about the liberationtech
mailing list