Hallo everybody, since a week I am a bit frightend: I got a mail with wrong signature, within a pdf file. I opened the pdf with okular, because I trust the person who sent. After some time I noticed that in Kmail the order names switched from German to English (Posteingang to inbox, Postausgang to outbox, Gesendet to sent-mail). Before, I still used X-server. After that I switched to wayland. Is that an attack? Must I be frightened? Kind regards, Tobias
Am Sonntag, 25. Juni 2023, 16:34:22 CEST schrieb Tobias Weiß:
Hallo everybody,
since a week I am a bit frightend: I got a mail with wrong signature, within a pdf file. I opened the pdf with okular, because I trust the person who sent. After some time I noticed that in Kmail the order names switched from German to English (Posteingang to inbox, Postausgang to outbox, Gesendet to sent-mail).
Before, I still used X-server. After that I switched to wayland.
Is that an attack? Must I be frightened?
Kind regards, Tobias
Which opensuse: lsb-release -id Which Repos: zypper lr -d Stephan
Hallo, ~> lsb-release -id Distributor ID: openSUSE Description: openSUSE Tumbleweed ~> zypper lr -d # | Alias | Name | Enabled | GPG Check | Refresh | Priority | Type | URI | Serv-> ---+--------------------------------------+--------------------------------------------------------------------+-----------+-----------------+----------------+-----------+--------+------------------------------------------------------------------------------------------------------------------+------- 1 | devel_languages_ruby_extensions | Ruby Extensions (openSUSE_Tumbleweed) | Ja | (r ) Ja | Nein | 99 | rpm-md | https://download.opensuse.org/repositories/devel:/languages:/ruby:/extension... | 2 | home_matthewtrescott_openproject | Unofficial OpenProject Packages for openSUSE (openSUSE_Tumbleweed) | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/home:/matthewtrescott:/openprojec... | 3 | https-download.opensuse.org-0df57502 | home:medozas74 | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/home:/medozas74/openSUSE_Tumblewe... | 4 | https-download.opensuse.org-a1293b47 | home:ecsos | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/home:/ecsos/openSUSE_Tumbleweed/ | 5 | https-download.opensuse.org-ab4972b2 | home:Ximi1970:branches:devel:languages:ruby | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/home:/Ximi1970:/branches:/devel:/... | 6 | https-download.opensuse.org-c1263aa2 | home:ahjolinna | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/home:/ahjolinna/openSUSE_Tumblewe... | 7 | https-download.opensuse.org-cbc653d4 | home:fusionfuture:zoom | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/home:/fusionfuture:/zoom/openSUSE... | 8 | https-download.opensuse.org-fe5a6cad | X11:Drivers:Video | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/X11:/Drivers:/Video/openSUSE_Tumb... | 9 | openSUSE-20210626-0 | openSUSE-20210626-0 | Nein | ---- | ---- | 99 | rpm-md | cd:/?devices=/dev/disk/by-id/usb-ASUS_SDRW-08D2S-U_KZQGBHM4125-0:0 | 10 | openSUSE_Tumbleweed | science tumbleweed | Nein | ---- | ---- | 99 | rpm-md | https://download.opensuse.org/repositories/science/openSUSE_Tumbleweed/ | 11 | openSUSE_Tumbleweed_1 | packman tumbleweed | Ja | (r ) Ja | Ja | 99 | rpm-md | https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/ | 12 | openproject | Repository for opf/openproject (stable/12) packages. | Nein | ---- | ---- | 99 | rpm-md | https://dl.packager.io/srv/rpm/opf/openproject/stable/12/sles/12/x86_64 | 13 | repo-debug | openSUSE-Tumbleweed-Debug | Nein | ---- | ---- | 99 | rpm-md | http://download.opensuse.org/debug/tumbleweed/repo/oss/ | 14 | repo-non-oss | openSUSE-Tumbleweed-Non-Oss | Ja | (r ) Ja | Ja | 99 | rpm-md | http://download.opensuse.org/tumbleweed/repo/non-oss/ | 15 | repo-oss | openSUSE-Tumbleweed-Oss | Ja | (r ) Ja | Ja | 99 | rpm-md | http://download.opensuse.org/tumbleweed/repo/oss/ | 16 | repo-source | openSUSE-Tumbleweed-Source | Ja | (r ) Ja | Ja | 99 | rpm-md | http://download.opensuse.org/source/tumbleweed/repo/oss/ | 17 | repo-update | openSUSE-Tumbleweed-Update | Ja | (r ) Ja | Ja | 99 | rpm-md | http://download.opensuse.org/update/tumbleweed/ | 18 | skype-stable | skype (stable) | Nein | ---- | ---- | 99 | rpm-md | https://repo.skype.com/rpm/stable/ | 19 | tumbleweed | nvidia tumbleweed | Ja | (r ) Ja | Ja | 99 | rpm-md | https://download.nvidia.com/opensuse/tumbleweed |
On 2023-06-25 16:34, Tobias Weiß wrote:
Hallo everybody,
since a week I am a bit frightend: I got a mail with wrong signature, within a pdf file.
Eummm... sorry, I don't understand that phrase (I got a mail with wrong signature, within a pdf file.). Could you explain with more words, please?
I opened the pdf with okular, because I trust the person who sent. After some time I noticed that in Kmail the order names switched from German to English (Posteingang to inbox, Postausgang to outbox, Gesendet to sent-mail).
Probably coincidental. Virus in PDFs work by including malicious javascript code in the PDF. However, _none_ of the open source PDF viewers in Linux support javascript. Only some third party, proprietary readers, do. Meaning, Okular doesn't, unless the version inn TW has been radically improved compared to the version I use in Leap. Rather verify that your "locale" hasn't changed, or that the translations of kmail have not been lost. For curio shake, the only way to send a document with virus to a Linux user that might work, is inside a LibreOffice document, which can include scripts in macros. However, the default is to disable macros when opening files. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Hallo Carlos, Kmail says: "Die Nachricht wurde mit dem Schlüssel [...] signiert. Status: Ungültige Signatur." Tobias
In the KDE settings, after I changed to wayland, there was the error message, that the German package was not found. I took again "German" and restarted. The German package was found by KDE settings, but still the order names in kmail had been changed to English. I know, that Linux is quiet secure! But, I want to be sure. For example X-server is said to be a problem. So who knows, if there is not a secure problem? Kind regards, Tobias
Hallo Michael, I opened Kleopatra: On top line there is the name of the person and its email address: Name: [...] Email: [...] Benutzerkennung: ungültig Gültig seit: 03.03.22 Gültig bis: 03.03.27 Schlüsselkennung: [...] Sorry, I don't know the English words for that. I wrote this guy yesterday. He said there was some rearrangement of the webmail server. It has changed. Tobias
On Sonntag, 25. Juni 2023 22:30:44 CEST Tobias Weiß wrote:
Hallo Michael,
I opened Kleopatra: On top line there is the name of the person and its email address: Name: [...] Email: [...] Benutzerkennung: ungültig Gültig seit: 03.03.22 Gültig bis: 03.03.27 Schlüsselkennung: [...]
Sorry, I don't know the English words for that.
no worries - I'm German, too. But why don't you ask in a German mailing list, then? For example users-de@lists.opensuse.org.
I wrote this guy yesterday. He said there was some rearrangement of the webmail server. It has changed.
Of course, I can't be sure, but if you know him and his machine hasn't been infected by a virus, IMHO you shouldn't worry too much.
Tobias
Bye. Michael.
On 2023-06-25 19:47, Tobias Weiß wrote:
Hallo Carlos,
Kmail says:
"Die Nachricht wurde mit dem Schlüssel [...] signiert. Status: Ungültige Signatur."
Please use more words, I don't understand what you are trying to say. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
participants (6)
-
Carlos E. R. -
Larry Len Rainey -
Manfred Hollstein -
mh@mike.franken.de -
Stephan Hemeier -
Tobias Weiß