[Users] [Bulk] Re: [Bulk] Re: Claws config needs much better documentation

Kevin Chadwick ma1l1ists at yahoo.co.uk
Tue Jul 31 18:43:48 CEST 2012


On Tue, 31 Jul 2012 21:38:13 +0530
Sitaram Chamarty wrote:

> On Tue, Jul 31, 2012 at 7:27 PM, Kevin Chadwick <ma1l1ists at yahoo.co.uk> wrote:
> > On Tue, 31 Jul 2012 17:54:38 +0530
> > Sitaram Chamarty wrote:
> >
> >> You basically threw up a strawman argument to bolster your contention
> >> that the current default is safer when it actually has nothing to do
> >> with safety.
> >
> > Rubbish, you obviously don't understand security.
> 
> What I do understand is that you brought in Outlook when we're discussing Claws.
> 

Only because it is notorious for mshtml exploits that viruses have
used. Out of interest, what lib does the html plugin use on windows?


> > http://osvdb.org/search?search%5Bvuln_title%5D=png&search%5Btext_type%5D=alltext
> > http://osvdb.org/search?search%5Bvuln_title%5D=jpeg&search%5Btext_type%5D=alltext
> 
> Are *all* your contacts (friends, family...) smart about this and
> immune to malware?  Never received an email supposedly from your
> colleague?
> 

Well I have received one from a friend who had his password stolen by a
keylogger on holiday. It was obviously spam but his gmail address so I
right clicked without opening it and looked at the source and helped
him link it to his holiday and told him to change the password on all
his online accounts that he used it on (he said that took him ages).

> One of the viruses (around '98 or so; forget which one), once it hit a
> (Windows) user, would look in his mail for suitable subject lines and
> addresses and reply with those subject lines to those addresses.
> You'll have no reason to suspect it's anything but a genuine email
> from someone you know.
> 

So as I mentioned maybe the default for "Automatically Display attached
images" on all clients should be not to load images unless clicked if
that isn't the case already. Like firefox on android and noscript ask
before displaying flash.

In any case it doesn't change the fact that it is a good thing to be
able to delete mails without opening them on IMAP and a trivial problem
that could perhaps be made even more trivial to not notice the dis
linkage between message display and selection.



More information about the Users mailing list