|
|
|
|
|
|
by astrobe_
3207 days ago
|
|
|
> but they fail to establish that text-only email solves this problem in any meaningful way The quote from US-CERT isn't "meaningful"? FWIW, I'm the first to bitch about security experts that sacrifice usability in the name of security any day, but for once I completely agree with them. > Also, the reference to JavaScript in email leads me to question whether the authors have any idea what they're talking about. Mail clients don't execute JavaScript. https://stackoverflow.com/questions/3054315/is-javascript-su... And that's only until someone finds a way to make them execute Javascript anyway. I don't think it ever actually happened, but not using an HTML engine drastically reduces the attack surface for sure. |
|
|