To avoid having their OpenPGP keys exposed, Thunderbird users should update their email client to version 78.10.2 which protects against the bug. Figure 3: Configure your own mail filters. Figure 2: Changing the format of the date columns requires a hack. Thus, I’m thinking about using this app too. My sister also told me that this app has all that she needs. Moreover, works not only with mail but with the calendar and tasks too. But all my friends who are using it told me that it’s pretty convenient, fast, and easy to use. export LCTIMEenDK.UTF-8 & seamonkey -mail. Honestly, I haven’t used Mozilla Thunderbird. I use this trick in the launcher command to fx it. According to data from Litmus Email Analytics, the Mozilla email client accounted for just 0.5 per cent of all email opened across all devices in Q1 2019 - up from 0.1 per cent in Q2 2018, but well behind Outlook's 9.2 per cent or Apple Mail's 7.8 per cent. However, after the rewrite, the keys were protected using the client's automatic OpenPGP password before being copied to to the permanent storage area.Įngert and the reviewer assumed that the protection to the secret key would be preserved when copying it to the other storage area but this turned out to not be the case which led to users' OpenPGP keys being stored in plain text. Currently, Thunderbird and SeaMonkey do not provide an easy way to customise the date columns. Before the code rewrite, the email client would copy a key to the permanent storage area and then protect it using Thunderbird's automatic OpenPGP password. If entered correctly, the symmetric key will be unlocked and remembered for the remainder of the session, and any protected secrets can be unlocked as needed.”Įngert also explained that Thunderbird's key-handling processes had been rewritten in order to maintain their security and this is when the vulnerability was introduced. “As soon as the user has configured a master password, the first time any of the stored secrets is required by Firefox/Thunderbird, the user will be prompted to enter it. In a new report from The Register, the news outlet spoke with security software developer Kai Engert at the Mozilla Thunderbird Project who explained how master passwords are used by Firefox and Thunderbird to access stored secrets, saying: Mozilla's open source email client Thunderbird has been saving the OpenPGP keys of some users in plain text for the past few months following a code rewrite. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions.” OpenPGP keys The master password protection was inactive for those keys. “OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |