On 5/26/21 3:46 PM, Carlos E. R. wrote:
El 2021-05-26 a las 13:24 -0500, David C. Rankin
On 5/26/21 5:53 AM, Carlos E. R. wrote:
> On 26/05/2021 12.47, Carlos E. R. wrote:
>> On 26/05/2021 10.25, David C. Rankin wrote:
>>> Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in
>>> encryption snafu
>>> Cockup has since been patched in latest release
>>> 6 Comments
>>> Gives me the shivers about ever updating....
>> Yeah :-(
>> And we have a vulnerable version, 78.10.0
Curious this was marked as "Minor"
security impact. That's like
disk encryption wasn't working making your
drive readable by anyone
access -- but since that requires physical
control -- it's minor.
I guess with Tbird, you presumably would have to
user account before your e-mails were read.
Again, not a problem to someone with access. Take the disk, mount it
on another computer, and just read the mail files - if not encrypted.
Access while encrypted and running? Yes, also possible. There is a bug
in XFCE that somehow doesn't kick the screensaver when the machine is
iddle of hibernated, meaning that for example the laptop can be
hibernated: steal it, start it, and you are in, no password protects
Not if there is no battery in it.