On Wed, Apr 08, 2020, Kevin Chadwick wrote:
> You missed some out. I assume on purpose.
Wrong "assumption"; I did it to keep it short -- I included the
info how someone could find the details.
> So it does require internal users to make an action and a MITM or outbound
> connection to an attacker controlled server and not an incoming connection...
Yes, it requires you to send mail according to the exploit that was
posted. I did not try it myself and I did not see a followup stating
"this does not work". So if that example does not work, maybe someone
can clarify?
> Qualsys chose to call that remote, at a stretch. Either way, it does not change
It seems to be similar to "if you visit a compromised website"...
Anyway, it doesn't seem to be productive to argue terminology etc,
hence: sorry for the interruption and I stop now.
-
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.
No comments:
Post a Comment