[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy

Subject: Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 12 Feb 2014 15:12:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 12 Feb 2014 10:13:08 -0500
In-reply-to: <043.8a6522e37c25f94bd19918bef3efc500@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.8a6522e37c25f94bd19918bef3efc500@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10836: Enable mail account autoconfig dialog in TorBirdy
-----------------------------+-----------------
     Reporter:  ben          |      Owner:  ben
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  TorBirdy     |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by ben):

 Please remember that
 1) The user manually reviews and approves the config
 2) We warn about insecure configs.

 So, in order to successfully attack, you not only have to attach the
 autoconfig algos, but *also* make your user a phishing victim, e.g. either
 by him turning a blind eye on hostname 123.234.265.123 or registering a
 real domain like googleemailservices.com . We put that user verification
 in there quite deliberately as an additional security measure.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10836#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #10894 [Tor Launcher]: Please make it clearer that help desk is not a bridge autoresponder
Next by Author: Re: [tor-bugs] #10610 [Tor Launcher]: Tor Browser users don't know if their network is free of obstacles or not
Previous by thread: Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
Next by thread: Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
Index(es):
- Author
- Thread