[MlMt] Does this announcement of GPG vulnerabilities affect MailMate?

Bill Cole mmlist-20120120 at billmail.scconsult.com
Sun Jul 15 12:23:33 EDT 2018


On 14 Jul 2018, at 15:32 (-0400), Dave C wrote:

> https://www.csoonline.com/article/3272067/security/researchers-warn-pgp-and-smime-users-of-serious-vulnerabilities.html
>
> I didn’t see any mention of MM in the announcement (which has been 
> updated several times).

It was mentioned in the (now very stale) original description of the 
problem at https://efail.de. As already said, Benny fixed MM's narrow 
susceptibility to the problem before it was published.

The solution in general to this class of "vulnerability" is to simple: 
do not generate HTML email, do not ever load any type of remote URLs in 
any messages without having consciously evaluated the specific 
trustworthiness of each URL source (not just the message source,) and do 
not by default interpret HTML in any message for rendering.

(Yeah, I know... Why would anyone listen to me on that matter now after 
ignoring me and many others for the past ~25 years? )

-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole


More information about the mailmate mailing list