Re: Email based attack on University

To: debian-user@lists.debian.org
Subject: Re: Email based attack on University
From: Brian <ad44@cityscape.co.uk>
Date: Fri, 4 Oct 2019 10:11:52 +0100
Message-id: <[🔎] 04102019100017.6bff8dd4e888@desktop.copernicus.org.uk>
In-reply-to: <[🔎] 20191004084948.GB21930@tuxteam.de>
References: <[🔎] dc2186e3-138a-ba0e-3243-fd7766b24db2@gmail.com> <[🔎] 54ee1ddd-6324-4f70-8517-942c4a8e63aa@www.fastmail.com> <[🔎] 20191002124111.GA14534@smallapple.localnet> <[🔎] qn2lqs$qjo$1@blaine.gmane.org> <[🔎] 02102019195319.d6e6601d48d9@desktop.copernicus.org.uk> <[🔎] abe6bd35-d6ea-d760-80f6-257ba6983e99@gmail.com> <[🔎] 03102019204040.cd63ca1e8269@desktop.copernicus.org.uk> <[🔎] 20191004084948.GB21930@tuxteam.de>

On Fri 04 Oct 2019 at 10:49:49 +0200, tomas@tuxteam.de wrote:

> On Thu, Oct 03, 2019 at 08:54:10PM +0100, Brian wrote:
> 
> [...]
> 
> > Opening an email causes no problem to the system on Debian. We would be
> > in deep trouble if it did. Does that address your concern?
> 
> Woah. A sweeping assertion which would start making sense if you
> tried to explain what "opening an email" means to you. Next step
> would be to fix "no problem to the system" (does the disappearance
> of all user files count?) and the step after that would be "on
> Debian" (which MUA? Desktop environment, or just X cum WM or
> console? Which set of installed programs? Is user in sudoers? Are
> the last Spectre patches in? And so on).
> 
> Yes, "our" security story is way better than theirs, and this is
> partly based on technical reasons, partly on social reasons and
> partly on practical reasons. But feeling smug about it is a
> vulnerability in itself :-)

A single reliable, well-documented and repeatable example of a problem
caused by pressing enter or clicking on a mail would go a long way to
wipe the smile of my face. User files are not necessary for the health
of the system.

-- 
Brian.

Reply to:

Follow-Ups:
- Re: Email based attack on University
  - From: <tomas@tuxteam.de>

References:
- Email based attack on University
  - From: Keith Bainbridge <keithrbau@gmail.com>
- Re: Email based attack on University
  - From: "Jeremy Nicoll" <jn.ml.dbn.25@letterboxes.org>
- Re: Email based attack on University
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Email based attack on University
  - From: deloptes <deloptes@gmail.com>
- Re: Email based attack on University
  - From: Brian <ad44@cityscape.co.uk>
- Re: Email based attack on University
  - From: Keith Bainbridge <keithrbau@gmail.com>
- Re: Email based attack on University
  - From: Brian <ad44@cityscape.co.uk>
- Re: Email based attack on University
  - From: <tomas@tuxteam.de>

Prev by Date: Re: Package conflict apcupsd and nut-client
Next by Date: Re: Email based attack on University
Previous by thread: Re: Email based attack on University
Next by thread: Re: Email based attack on University
Index(es):
- Date
- Thread