[tor-talk] Quote Line Prefixes in Linux Text Editors

Ben Tasker ben at bentasker.co.uk
Sun Oct 16 10:29:23 UTC 2016


On Sun, Oct 16, 2016 at 10:08 AM, Jim <jimmymac at copper.net> wrote:

> bancfc at openmailbox.org wrote:
>
>> For security its recommended to compose messages outside the e-mail
>> client. There were at least two incidents where plaintext was leaked (claws
>> mail saving drafts unencrypted and Enigmail sending unencrypted messages).
>>
>
> Would you post links about these incidents?  (My google-fu may be a
> little weak, assuming these are recent incidents.)
>
>
I may be remembering the wrong incident, but I thought the Engimail issue
was (arguably) a little less serious than that - it was sending certain
headers unencrypted, so whilst the content was still encrypted there was
additional metadata available for analysis. Not great for sure, but a
little lower on the scale than described (and if that bug were still
present, composing in a text editor still wouldn't help). Might be some
other bug though?

The claws thing was bug 2965 -
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965 -
when sending a mail, the unencrypted version was written to the Queue
folder (and written to the server via IMAP) before being encrypted and sent.

I recall seeing something similar and less MUA specific as well, again
relating to the fact that drafts were being saved to the server, can't
remember where I saw that but here's an OS X specific one -
http://arstechnica.com/security/2014/01/secops-failure-gpggmail-on-osx-mavericks-may-store-unencrypted-drafts/



>
-- 
Ben Tasker
https://www.bentasker.co.uk


More information about the tor-talk mailing list