[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Quote Line Prefixes in Linux Text Editors



On Sun, Oct 16, 2016 at 10:08 AM, Jim <jimmymac@xxxxxxxxxx> wrote:

> bancfc@xxxxxxxxxxxxxxx wrote:
>
>> For security its recommended to compose messages outside the e-mail
>> client. There were at least two incidents where plaintext was leaked (claws
>> mail saving drafts unencrypted and Enigmail sending unencrypted messages).
>>
>
> Would you post links about these incidents?  (My google-fu may be a
> little weak, assuming these are recent incidents.)
>
>
I may be remembering the wrong incident, but I thought the Engimail issue
was (arguably) a little less serious than that - it was sending certain
headers unencrypted, so whilst the content was still encrypted there was
additional metadata available for analysis. Not great for sure, but a
little lower on the scale than described (and if that bug were still
present, composing in a text editor still wouldn't help). Might be some
other bug though?

The claws thing was bug 2965 -
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965 -
when sending a mail, the unencrypted version was written to the Queue
folder (and written to the server via IMAP) before being encrypted and sent.

I recall seeing something similar and less MUA specific as well, again
relating to the fact that drafts were being saved to the server, can't
remember where I saw that but here's an OS X specific one -
http://arstechnica.com/security/2014/01/secops-failure-gpggmail-on-osx-mavericks-may-store-unencrypted-drafts/



>
-- 
Ben Tasker
https://www.bentasker.co.uk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk