Open Source and information security mailing list archives
 
Date: Thu, 2 Mar 2006 10:09:28 -0500
From: "Jay Stapleton" <jay.stapleton@...putershare.com>
To: "Nick Boyce" <nick.boyce@...il.com>,
	"Daniel Veditz" <dveditz@...zio.com>, <bugtraq@...urityfocus.com>,
	<security@...illa.org>
Subject: RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information
 Disclosure Vulnerabilities


Or perhaps cache the images along with the message, to be deleted when
the message is.  That way one can open an email many times without
accessing a web resource each time. 

It would also allow someone to forward a message, and include the
content as it is currently, as opposed to how it may be in several
hours.

-Jay Stapleton.


[quote]
Hmmm. I didn't realise the "Show Images" setting got stored, and I
don't think that's the best strategy from a privacy point of view.  I
take it you mean "stored for that one message", and not "stored for
all messages from that sender", or "stored for all messages" - but
still .... it would be better to not store it at all, IMHO.  Users can
always add senders to their Address Book if they want to evade the
"block-images" feature.

How about displaying more option buttons when remote images have been
blocked ?
e.g. :
    Show remote images this time only
    Always show remote images when this message is viewed
    Always show remote images from this sender
    Always show remote images

Nick Boyce
--
Never fdisk after midnight
[/quote]


