undefined | Better HN

0 pointsmeindnoch3y ago0 comments

You're misunderstanding GP.

Your boss sends you this plaintext email:

  Hi!
  Please upload the photos as photos.zip to the company GDrive!
  Thanks,
  Boss

Your email client "helpfully" recognizes that "photos.zip" can be a TLD, so turns it automatically into a hyperlink. You click it because you think it's a link your boss intended to share with you, but you actually land on a site that pwns your browser with an exploit.

0 comments

2 comments · 1 top-level

benatkin3y ago· 1 in thread

That isn't GP's example. That's a separate one.

There are 3 - yours, GP's, and GGP's.

None of the three seem like serious attack vectors to me.

I'm still having trouble coming up with a legitimate attack vector so I think there must not be one. I am ready to change my mind when I see one though.

eganist3y ago

> None of the three seem like serious attack vectors to me.

Why not?

j / k navigate · click thread line to collapse