If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that tell each recipient a different story. Let’s talk about Salamander/MIME.
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.
Since NIST updated its password recommendations in 2017, a lot has changed. Although there are still plenty of applications that rely on the old-fashioned complexity-based rules (lower case, upper case, numbers, special characters… you know the drill), a lot has improved.
Comments from the Fediverse
When I got rid of my previous Django-based website and switched to Hugo, the idea was to have a low-maintenance website. I didn’t have much time and all the content was quite old. However, I always had the idea of bringing back some of the old content and even adding new articles at some point. In the last few months I’ve been writing articles for Lutra Security and perhaps it’s time to revive this site as well.
If we reinvent the wheel, it’s safe to say that initially it probably won’t run as smoothly as the one that’s been around for more than 6,000 years. So if all you need is a wheel and you’re not trying to sell a new wheel, it’s a good idea to stick with the existing design. The same goes for software. If you just need a functionality, the best solution is usually to use something that already exists, a library that has already implemented it.