Thread replies: 53
Thread images: 4
Thread images: 4
Anonymous
KMail Bug Sent Encrypted Emails in Plain-Text — for 4 years 2017-06-30 03:07:24 Post No. 61155575
[Report] Image search: [Google]
KMail Bug Sent Encrypted Emails in Plain-Text — for 4 years 2017-06-30 03:07:24 Post No. 61155575
[Report] Image search: [Google]
File: firefox_2017-06-30_08-06-00.png (295KB, 991x832px) Image search:
[Google]
295KB, 991x832px
KMail Bug Sent Encrypted Emails in Plain-Text — for 4 years
Anonymous
2017-06-30 03:07:24
Post No. 61155575
[Report]
>linux
>security
ahahaha
>>
>>61155575
>only affects send later
While I'll agree this is fucking stupid and unacceptable that's a pretty niche use case.
Still fucked though.
>>
>>61155575
>fr
mdr
>>
>open-source software
>safe
>>
no one uses e-mails anymore, fuck off
>>
File: 1490627330757.jpg (64KB, 409x720px) Image search:
[Google]
64KB, 409x720px
>>61155575
>Software bug
>Linux security, am i rite???
>>
>>61155620
/thread
>>
>>61155575
>KDE
hah
>>
>>61155575
It's KDE... they had it coming. Far too many features with no manpower to fix the bugs.
>>
>>61155575
Who even uses KMail kek
>>
Shouldnt people who use this shit verify everything? The developers too, but as users, if you are worried about encrypting, then you should check any software you use, and this should have been discovered earlier.
Unless it was and the devs ignored it which would be scandalously bad
>>
>>61156152
reading code is harder than writing it
it would literally be easier to write an email client than to audit someone else's
>>
File: kmail_dev.jpg (20KB, 500x334px) Image search:
[Google]
20KB, 500x334px
>>61155575
>>
>>61155575
>KDE
I'm not surprised.
>>
>expecting anything from KDE to be secure when plasmashell and krunner crash every few days
Whoever was affected deserved this
>>
Does anyone actually use KDEshit?
>>
>>61155575
Linux users don't have any friends to email anyway, and they send their whiny gaymergater rants in the clear.
>>
>in the last 4 years
lol
>>
>>61155620
Niche enough to nobody testing the feature.
But I can see why this feature is required in some scenarios.
Like when you need to send a secure email after a specific event like as a dead mans switch or after a news story breaks.
>>
I use KDE DE and it works great and >>61156959 for me it doesn't crash.
but I would never use Kmail. I mostly use webmail but whenever I do need client program I'd use Claws and whenever I set it up I always send test mails and look a the raw email to verify.
>>
Wow, so this is the power of free software.
>>
File: mutt-1.png (10KB, 128x128px) Image search:
[Google]
10KB, 128x128px
Use mutt
>>
>winbabies can't tell the difference between the kernel and a random program
>>
>>61157818
Some people do not want to pretend to be haxxors
>>
>>61156152
I think the bug went undiscovered for so long because virtually nobody uses "send later"
>>
>>61155620
Lincucks on damage control. Widows has video games, relevant softwar, and isn't made by NEETs for free because it's made by professionals.
>>
How did the security team sign off on this?
Hahahha nvm it's open source
>>
>>61157818
I use mutt every day but it's kinda shit. Redraw speed is terrible. You can't script it. HTML email is a pain. Manpages contain more words that your average novel.
I wish I could find the strength to write an email client that doesn't suck.
>>
Linux desktop security is terrible. It's not like Windows or mac OS are any better, but it still sucks, and what's worse is that people generally think it's actually secure, which makes them behave more carelessly.
The latest example I just saw: a popular metadata parser library that GNOME and KDE use isn't interested on fixing vulns: http://www.openwall.com/lists/oss-security/2017/06/30/1
So yeah, desktop userland is shitty and insecure, and the kernel is shitty and insecure too. The only option for a reasonably secure desktop is Qubes.
>>
>>61159433
Or Windows 10
>>
>>61155575
Old news and only existed because no one used send later.
>>
>>61155575
wtf is kmail and how is it related to linux ?
>>
>>61155575
>KDE
>>61157818
>mutt
>saving passwords in plaintext
Alpine is better.
>>
>>61159632
As long as Windows has all the old baggage around it, it's going to be pure garbage, even if it's Windows 20.
>>
>>61159686
You don't have to store the passwords in plaintext though.
>>
>>61159686
I like nail better, some distros launch the program if you type mail.
>>
>>61159632
Have you missed all the mpengine exploits from Tavis Ormandy? Microsoft literally has an unsandboxed JavaScript interpreter and x86 emulator scanning everything including browser traffic, and it runs as SYSTEM.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252
This is just the tip of the iceberg, there's also stuff like kernel font handling, which is incredibly complex and shitty and has thousands of special-cases for specific font glyphs: https://www.freetype.org/freetype2/docs/subpixel-hinting.html
Not to mention all the outdated and vulnerable protocols, all the super hacky code that we've seen in the leaks...
Windows is just a fucking mess and they aren't going to start from zero because they'd lose the only reason their customers use it: legacy business software. There's a reason why Google forbids its employees to use it.
>>
>>61159858
Didn't they move font rendering to userspace with win10?
>>
>>61159197
>Redraw speed is terrible.
Are you running on a 486 or something?
>>
>>61159898
Even if they did, they added a bunch of deliberate backdoors and spyware so it was a net loss of security.
>>
>>61159919
Nope, but my mutt terminal is 150 columns by 112 lines.
What's really weird is that newsbeuter handles redrawing just fine.
>>
Who here uses the original Unix mail?
>>
>>61155841
"hey anon, can you copy everyone on an update at the end of the day?"
"yeah sure boss, what's your discord username? ..wait do you have snapchat, i'll just send you a video.. no wait I'll just text everyone in a group message and I'll just relay the message back to everyone else individually.. actually wait are you guys on facebook??"
>>
>>61158031
>nobody uses "KMail"
ftfy
>>
kmail? literally who?
>>
>>61155575
>kshit
>linux
pick one, I never allow any k* package on my linux machine
>>
>>61159433
At least Linux tries to secure
Windows let's anything run and never fixes bugs without MSM reporting on it because of ransomware
Mac is just Linux with user accessable backdoors when they forget their password
>>
>>61155575
>KDE
I think KTorrent also had this ridiculous bug that any file could be read/written remotely.
Makes me nervous about using other K-shit.
>>
>>61160209
It's either secure, or it isn't.
If you're on the internet, the data you transmit doesn't belong to you. You can pretend! But you'd be delusional. All you can do is maybe encrypt your data properly and hide your keys on an airgap. Your machine (regardless of how secure you think it is) is probably somehow weak enough to be exploited in some way if it's connected to the internet.
>>
>>61160209
>At least Linux tries to secure
Not really. Security isn't a priority, a lot of desktop software upstream doesn't care, and a whole other lot is abandoned and won't be fixed or hardened. The kernel situation is pretty bad too, Linus openly insults the grsecurity people and recently called their patches garbage, the very same people that have invented modern mitigation techniques that have made their way to other OSs. The KSPP is a joke, Red Hat has just hired some monkeys to copy-paste grsecurity code but since they don't understand it and often botcher the result is usually bad (they've already introduced vulnerabilities by doing this).
As I've said, just use Qubes and use instanced VMs to do your random browsing. Modern desktop OS running on bare metal considered harmful.
>>
>>61155575
What the fuck is KMail? I literally never heard of it.
>>
>>61160209
Yea because osx has more backdoors than Ubuntu or debian which were both developed with help from nsa
>>
i like using protonmail because i don't want to have all communications stored locally. it just seems optimal.
Thread posts: 53
Thread images: 4
Thread images: 4