[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Quote Line Prefixes in Linux Text Editors

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
From: Ben Tasker <ben@xxxxxxxxxxxxxxx>
Date: Sun, 16 Oct 2016 11:29:23 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 16 Oct 2016 06:29:43 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bentasker.co.uk; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=reyoqK22VkYLDWfV9zHfDZkdHmzyWP6dQ9ejn1Us2E8=; b=bKr0e3QxGSGBazdlZgiQ3HuqStHPnA6SfR5ATEXW1gfHQFqO01QAA0SumU68hG7Qds ks/tADwSYke8az8vpMDi+0TSrjrRobNclwQ+mdsLKsHYsOio1txWEEcGXbiHTgGaPB1s KC8YDJgG/jA7WBqbUXFn1xCX2nmDnaM9djf0Y=
In-reply-to: <58034375.4050108@copper.net>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <d9512a94eb6024222faf1ec3b8321193@openmailbox.org> <58034375.4050108@copper.net>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sun, Oct 16, 2016 at 10:08 AM, Jim <jimmymac@xxxxxxxxxx> wrote:

> bancfc@xxxxxxxxxxxxxxx wrote:
>
>> For security its recommended to compose messages outside the e-mail
>> client. There were at least two incidents where plaintext was leaked (claws
>> mail saving drafts unencrypted and Enigmail sending unencrypted messages).
>>
>
> Would you post links about these incidents?  (My google-fu may be a
> little weak, assuming these are recent incidents.)
>
>
I may be remembering the wrong incident, but I thought the Engimail issue
was (arguably) a little less serious than that - it was sending certain
headers unencrypted, so whilst the content was still encrypted there was
additional metadata available for analysis. Not great for sure, but a
little lower on the scale than described (and if that bug were still
present, composing in a text editor still wouldn't help). Might be some
other bug though?

The claws thing was bug 2965 -
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965 -
when sending a mail, the unencrypted version was written to the Queue
folder (and written to the server via IMAP) before being encrypted and sent.

I recall seeing something similar and less MUA specific as well, again
relating to the fact that drafts were being saved to the server, can't
remember where I saw that but here's an OS X specific one -
http://arstechnica.com/security/2014/01/secops-failure-gpggmail-on-osx-mavericks-may-store-unencrypted-drafts/



>
-- 
Ben Tasker
https://www.bentasker.co.uk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Quote Line Prefixes in Linux Text Editors
  - From: bancfc
- Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
  - From: Jim

Prev by Author: Re: [tor-talk] Tor and forward email to Spam folder.
Next by Author: Re: [tor-talk] Tor and forward email to Spam folder.
Previous by thread: Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
Next by thread: Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
Index(es):
- Author
- Thread