cypht-org / cypht

Cypht: Lightweight Open Source webmail aggregator [PHP, JS]
http://cypht.org
GNU Lesser General Public License v2.1

Security: visual spoofing of email (address, name), attachment name, etc. #416

Open dumblob opened 3 years ago

dumblob commented 3 years ago

🗣 Suggestion

Current severe issues making it impossible to visually detect there is something wrong with the contents you're dealing with:

https://www.virtuesecurity.com/pentesting-user-interfaces/

Note, I didn't test this in Cypht, but I think there could be some more countermeasures implemented :wink:.

jasonmunro commented 3 years ago

I think we are safe from some of this, but I am definitely going to test it out :)

marclaporte commented 1 year ago

@dumblob Any chance you could do a quick test?

dumblob commented 1 year ago

No time now to set up a current Cypht version. But let us fill the following table first:

| particular visual spoofing | permalink to source code line(s) dealing with it |
|---|---|
| URLs in email bodies (both in plain text and HTML) | MISSING |
| attachment names | MISSING |
| email addresses "everywhere" (in email headers, bodies, etc.) | MISSING |
| RTL/LTR domains | MISSING |

marclaporte commented 1 month ago

@dumblob

Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0.