Vulnerabilities in STARTTLS threaten popular email clients

At the USENIX conference, a group of German scientists announced the discovery of more than 40 vulnerabilities in STARTTLS implementations in popular mail clients and servers, including Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex and KMail. Exploitation of these issues allows an attacker to steal credentials, intercept emails,… Continue reading Vulnerabilities in STARTTLS threaten popular email clients

Mozilla Thunderbird email client stored OpenPGP keys in clear text

The researcher found that for several months Mozilla Thunderbird saved some users’ OpenPGP keys in plain text format. For example, Thunderbird users recently realized that when they open a program, they can view emails encrypted by OpenPGP without entering their master passwords. Such messages in Thunderbird should only be viewable after authentication. The vulnerability has… Continue reading Mozilla Thunderbird email client stored OpenPGP keys in clear text