That tweet doesn't make a lot of sense, because it's essentially saying "don't let people send you images".


To my inner armchair security enthusiast, a good solution looks like this:

  On incoming message, check one thing and one thing only: is the sender in the contact list? If YES...
     + Run the message through BlastDoor and continue as normal.
  If NOT...
     - Stop all non-essential parsing immediately.
     - Continue with a flow similar to modern e-mail clients (To increase your privacy, we have blocked some elements of this message).
     - Only continue normal message parsing if the user explicitly consents.
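The contact-gated flow sketched above, written out as an added Python example (not code from the post, and not how any real messaging client is built): `parse_attachment_in_sandbox` is a stand-in for the isolated parser, and treating the sender and plain text as the only "essential" parse is an assumption of this example.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    sender: str
    text: str
    attachments: list = field(default_factory=list)  # raw blobs, never decoded here


@dataclass
class Rendered:
    sender: str
    text: str
    attachments: list          # results of the sandboxed parse, if it ran
    blocked: bool              # True when non-essential parsing was skipped
    note: str = ""             # what the UI would show in the blocked case


def parse_attachment_in_sandbox(blob: bytes) -> str:
    # Stand-in for a BlastDoor-style isolated parser (assumption: a real one
    # would run in a separate, heavily restricted process). Only sniffs a magic.
    kind = "png" if blob.startswith(b"\x89PNG") else "unknown"
    return f"{kind}:{len(blob)} bytes"


class Inbox:
    def __init__(self, contacts):
        self.contacts = set(contacts)
        self.quarantine = {}   # message id -> Message held until the user consents

    def receive(self, msg_id: str, msg: Message) -> Rendered:
        if msg.sender in self.contacts:
            # Known sender: full parse, still inside the sandbox.
            parsed = [parse_attachment_in_sandbox(b) for b in msg.attachments]
            return Rendered(msg.sender, msg.text, parsed, blocked=False)
        # Unknown sender: stop here. Sender and plain text are shown, attachments
        # stay as untouched bytes in quarantine until the user asks for them.
        self.quarantine[msg_id] = msg
        note = f"{len(msg.attachments)} element(s) of this message were blocked"
        return Rendered(msg.sender, msg.text, [], blocked=True, note=note)

    def consent(self, msg_id: str) -> Rendered:
        # Explicit user action releases the held message to the normal path.
        msg = self.quarantine.pop(msg_id)
        parsed = [parse_attachment_in_sandbox(b) for b in msg.attachments]
        return Rendered(msg.sender, msg.text, parsed, blocked=False)
```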


to me it says:

Only run the known dodgy parsing code on stuff coming from people in your contact list, not just on any random image that comes in.
