Today I found out that my article on #KoboldLetters inspired this work on #FicklePDFs: https://portswigger.net/research/fickle-pdfs-exploiting-browser-rendering-discrepancies
One week ago we were at #BSidesMunich2024 and if you didn't get a chance to attend, you can now catch up by watching the recordings.
For example, @weddige's talk about Kobold Letters And Other Mischief: https://www.youtube.com/watch?v=ko9cwRM3BZU
the recording of my talk on #KoboldLetters and #SalamanderMIME is now on YouTube: https://www.youtube.com/watch?v=ko9cwRM3BZU
@lutrasecurity I'll be talking about Salamander/MIME and Kobold Letters at @BSidesMunich tomorrow:
I'm very happy to announce that I'll be speaking at #BSidesMunich2024 on 11th November about Kobold Letters and Other Mischief - How Emails Can Deceive You.
If you haven't got a ticket yet, you can get one here on 8th September: https://2024.bsidesmunich.org/tickets/
Follow @BSidesMunich for more updates.
Online Community of Practice (CoP) of the Sollence® ACADEMY – Circle Cybersecurity
https://mobilizemuc.org/events/024d1c41-0149-41e4-9d1b-97a4cb25ad33
Google just awarded me a $100 bounty for #KoboldLetters in Gmail.
🇬🇧 The longer form of #blog posts has temporarily started to tire me out a bit, plus I have an additional project on the side for the blog that consumes some of my time. Because of this, lately I've been finding a lot of joy in writing shorter notes like this recent one about #KoboldLetters https://blog.tomaszdunia.pl/kobold-letters/. I can do it even on my phone, which is super convenient!
What do you think about this form of blogging?
🇵🇱 The longer form of #blog posts has temporarily started to tire me out a bit, plus I have an additional project on the side for the blog that consumes some of my time. Because of this, lately I've been finding a lot of joy in writing shorter notes like this recent one about #KoboldLetters https://blog.tomaszdunia.pl/kobold-letters/. I can do it even on my phone, which is super convenient!
What do you think about this form of blogging?
🇵🇱/🇬🇧 New blog post!
Kobold Letters – an interesting way of attacking via e-mail
#CSS #cyberbezpieczeństwo #cybersecurity #email #Gmail #HTML #KoboldLetters #Outlook #scam #Thunderbird
Author: @to3k@tomaszdunia.pl
Oh, #koboldletters: (Visible) e-mail contents changing after forwarding. “This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.” — https://lutrasecurity.com/en/articles/kobold-letters/
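The quoted mechanism (CSS that only matches once the original message has been wrapped in a forwarding container) leaves a static footprint: a style rule whose selector depends on DOM position and whose declarations toggle visibility. The following added example, which is not code from the Lutra Security article or from any of the posts above, scans the `<style>` blocks of an HTML email for exactly that combination. The sample emails, the hypothetical `scan()` function and the list of visibility-affecting properties are all constructed for this illustration; a real mail gateway would also have to consider inline `style` attributes and `@import`ed stylesheets.

```python
import re
from html.parser import HTMLParser

# CSS properties whose value can make a block of text appear or vanish.
# This list is an assumption for the example, not an exhaustive catalogue.
VISIBILITY_PROPS = {
    "display", "visibility", "opacity", "font-size", "color", "height",
    "max-height", "overflow", "position", "left", "top", "text-indent",
}

# Structural pseudo-classes whose match depends on siblings or ancestors.
_STRUCTURAL_PSEUDO = re.compile(r":(nth-|first-|last-|only-|has\(|not\()")
# Two compound selectors joined by a child (>), adjacent (+), sibling (~)
# or descendant (whitespace) combinator.
_COMBINATOR = re.compile(r"[^\s,]\s*[>+~]\s*[^\s,]|[^\s,]\s+[^\s,>+~]")


class _StyleCollector(HTMLParser):
    """Collects the raw text of every <style> element in the document."""

    def __init__(self) -> None:
        super().__init__()
        self._in_style = False
        self.css: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.css.append(data)


def is_position_dependent(selector: str) -> bool:
    """True if the selector can match or fail depending on where the
    element sits in the DOM, which is what changes when a mail is forwarded."""
    sel = " ".join(selector.split())
    return bool(_STRUCTURAL_PSEUDO.search(sel) or _COMBINATOR.search(sel))


def scan(html: str) -> list[tuple[str, list[str]]]:
    """Return (selector, [visibility properties]) for every rule that is both
    position dependent and able to show or hide content."""
    collector = _StyleCollector()
    collector.feed(html)
    css = re.sub(r"/\*.*?\*/", "", "\n".join(collector.css), flags=re.S)
    findings = []
    for rule in re.finditer(r"([^{}]+)\{([^{}]*)\}", css):
        selectors = [" ".join(s.split()) for s in rule.group(1).split(",")]
        props = []
        for decl in rule.group(2).split(";"):
            if ":" in decl:
                prop = decl.split(":", 1)[0].strip().lower()
                if prop in VISIBILITY_PROPS:
                    props.append(prop)
        if not props:
            continue
        for sel in selectors:
            if sel and is_position_dependent(sel):
                findings.append((sel, props))
    return findings


# Constructed sample: one paragraph is shown to the first recipient, the other
# only once the message has been nested inside a forwarding container.
SAMPLE_EMAIL = """<html><head><style>
  /* constructed sample for the example */
  p { font-family: sans-serif; }
  .alt { display: none; }
  div > div .alt { display: block; }
  .orig { display: block; }
  div > div .orig { display: none; }
</style></head>
<body><div>
  <p class="orig">Please review the attached report.</p>
  <p class="alt">Please pay the attached invoice today.</p>
</div></body></html>"""

# Constructed benign sample: structural selectors, but nothing toggles visibility.
BENIGN_EMAIL = """<html><head><style>
  table td { padding: 4px; }
  h1 + p { margin-top: 0; }
</style></head><body><table><tr><td>Hello</td></tr></table></body></html>"""


if __name__ == "__main__":
    for name, mail in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        hits = scan(mail)
        print(f"{name}: {len(hits)} position-dependent visibility rule(s)")
        for selector, props in hits:
            print(f"  {selector!r} touches {', '.join(props)}")
```

The check deliberately requires both conditions: `table td { padding: 4px }` is position dependent but harmless, and `.alt { display: none }` hides content but looks the same wherever the mail lands. Only rules that satisfy both, such as `div > div .alt { display: block }`, are reported, which keeps the false-positive rate on ordinary newsletter CSS manageable.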
Your answer to phishing is awareness?
That might be enough when you're up against a Nigerian prince, but when you're up against a kobold, it won't be enough.
We've looked at an attack strategy that (mis)uses HTML and CSS to create sophisticated phishing attacks that will fool even the most attentive reader.
The only solution: deactivating HTML emails altogether.
This is due to something I call #KoboldLetters. By cleverly (mis)using CSS, attackers can display completely different emails to different recipients.
The problems with HTML and CSS in emails have been known for a long time, but the security implications have usually been underestimated or actively downplayed. That's why I wrote an article explaining how HTML emails can be used to deceive recipients into becoming part of a sophisticated #phishing attack.