KMail Bug Sent Encrypted Emails in Plain-Text — for 4 years

>linux
>security

ahahaha


>only affects send later
While I'll agree this is fucking stupid and unacceptable that's a pretty niche use case.
Still fucked though.

>fr
lol

>open-source software
>safe

no one uses e-mails anymore, fuck off

>Software bug
>Linux security, am i rite???

/thread

>KDE
hah

It's KDE... they had it coming. Far too many features with no manpower to fix the bugs.

Who even uses KMail kek

Shouldn't people who use this shit verify everything? The developers too, but as users, if you are worried about encrypting, then you should check any software you use, and this should have been discovered earlier.

Unless it was and the devs ignored it which would be scandalously bad

reading code is harder than writing it
it would literally be easier to write an email client than to audit someone else's

...

>KDE
I'm not surprised.

>expecting anything from KDE to be secure when plasmashell and krunner crash every few days
Whoever was affected deserved this

Does anyone actually use KDEshit?

Linux users don't have any friends to email anyway, and they send their whiny gaymergater rants in the clear.

>email
>in the last 4 years
lol

Niche enough to nobody testing the feature.
But I can see why this feature is required in some scenarios.
Like when you need to send a secure email after a specific event like as a dead mans switch or after a news story breaks.

I use KDE DE and it works great and for me it doesn't crash.
but I would never use Kmail. I mostly use webmail but whenever I do need a client program I'd use Claws, and whenever I set it up I always send test mails and look at the raw email to verify.
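The check that post describes (send yourself a test mail, then read the raw message) can be automated. The script below is an added example written for this thread; it is not KMail's, Claws' or any other project's code. Given the raw RFC 5322 bytes of a message pulled from the Sent folder or the recipient's mailbox, it reports whether the body is PGP/MIME encrypted (the RFC 3156 `multipart/encrypted` layout), inline-PGP encrypted, malformed, or plain text. The sample messages at the bottom are constructed for the example and the armored blocks are placeholder text, not real ciphertext.

```python
"""Report whether a raw outgoing message is actually PGP-encrypted.

Added example (not any mail client's own code). Sample messages and the
armored blocks below are constructed placeholders, not real ciphertext.
"""
import email
from email import policy
from email.message import EmailMessage

PGP_BEGIN = "-----BEGIN PGP MESSAGE-----"
PGP_END = "-----END PGP MESSAGE-----"


def _armored(part: EmailMessage) -> bool:
    """True if the part's whole decoded body is one ASCII-armored PGP MESSAGE."""
    body = part.get_content()
    if isinstance(body, bytes):          # non-text parts come back as bytes
        body = body.decode("latin-1", "replace")
    body = body.strip()
    return body.startswith(PGP_BEGIN) and body.endswith(PGP_END)


def classify_encryption(raw: bytes) -> str:
    """Return 'pgp-mime', 'inline-pgp', 'malformed-encrypted' or 'plaintext'."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    if msg.get_content_type() == "multipart/encrypted":
        # RFC 3156 shape: protocol param, a version part, then the ciphertext.
        parts = list(msg.iter_parts())
        proto = str(msg.get_param("protocol") or "").lower()
        ok = (proto == "application/pgp-encrypted"
              and len(parts) == 2
              and parts[0].get_content_type() == "application/pgp-encrypted"
              and parts[1].get_content_type() == "application/octet-stream"
              and _armored(parts[1]))
        return "pgp-mime" if ok else "malformed-encrypted"

    # Inline PGP: every leaf part (text or attachment) must be an armored block,
    # otherwise readable content is leaving the client.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    if leaves and all(_armored(p) for p in leaves):
        return "inline-pgp"
    return "plaintext"


def leaks_plaintext(raw: bytes) -> bool:
    """True unless the message is positively identified as encrypted."""
    return classify_encryption(raw) not in ("pgp-mime", "inline-pgp")


# --- constructed samples (not real mail, not real ciphertext) ---
FAKE_ARMOR = b"""-----BEGIN PGP MESSAGE-----

hQEMA0NvbnN0cnVjdGVkIHBsYWNlaG9sZGVyLCBub3QgY2lwaGVydGV4dA==
=AbCd
-----END PGP MESSAGE-----"""

HEADERS = b"From: alice@example.com\nTo: bob@example.com\nSubject: send later test\n"

SAMPLE_PLAIN = HEADERS + b"""Content-Type: text/plain; charset=us-ascii

this should have been encrypted before it left the client
"""

SAMPLE_INLINE = HEADERS + b"Content-Type: text/plain; charset=us-ascii\n\n" + FAKE_ARMOR + b"\n"

MIME_HEAD = HEADERS + b"""Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
"""

SAMPLE_PGP_MIME = MIME_HEAD + b'Content-Type: application/octet-stream; name="encrypted.asc"\n\n' + FAKE_ARMOR + b"\n\n--b1--\n"

# Right outer type, but the "ciphertext" part is readable text: a failure.
SAMPLE_MALFORMED = MIME_HEAD + b"Content-Type: text/plain\n\nreadable body where the ciphertext should be\n\n--b1--\n"

if __name__ == "__main__":
    for name, raw in [("plain", SAMPLE_PLAIN), ("inline", SAMPLE_INLINE),
                      ("pgp-mime", SAMPLE_PGP_MIME), ("malformed", SAMPLE_MALFORMED)]:
        print(f"{name:10s} {classify_encryption(raw):20s} leaks={leaks_plaintext(raw)}")
```

Point it at a real message with `classify_encryption(open("msg.eml", "rb").read())`. The strict `multipart/encrypted` check matters for exactly the kind of bug in the thread title: a client can set the outer encrypted MIME type and still put readable text where the ciphertext belongs, so anything other than `pgp-mime` or `inline-pgp` is treated as a leak.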

Wow, so this is the power of free software.

Use mutt

>winbabies can't tell the difference between the kernel and a random program

Some people do not want to pretend to be haxxors

I think the bug went undiscovered for so long because virtually nobody uses "send later"

Lincucks on damage control. Windows has video games, relevant software, and isn't made by NEETs for free because it's made by professionals.

How did the security team sign off on this?

Hahahha nvm it's open source

I use mutt every day but it's kinda shit. Redraw speed is terrible. You can't script it. HTML email is a pain. Manpages contain more words than your average novel.
I wish I could find the strength to write an email client that doesn't suck.

Linux desktop security is terrible. It's not like Windows or mac OS are any better, but it still sucks, and what's worse is that people generally think it's actually secure, which makes them behave more carelessly.

The latest example I just saw: a popular metadata parser library that GNOME and KDE use isn't interested in fixing vulns: openwall.com/lists/oss-security/2017/06/30/1

So yeah, desktop userland is shitty and insecure, and the kernel is shitty and insecure too. The only option for a reasonably secure desktop is Qubes.

Or Windows 10

Old news and only existed because no one used send later.

wtf is kmail and how is it related to linux ?

>KDE

>mutt
>saving passwords in plaintext
Alpine is better.

As long as Windows has all the old baggage around it, it's going to be pure garbage, even if it's Windows 20.

You don't have to store the passwords in plaintext though.

I like nail better, some distros launch the program if you type mail.

Have you missed all the mpengine exploits from Tavis Ormandy? Microsoft literally has an unsandboxed JavaScript interpreter and x86 emulator scanning everything including browser traffic, and it runs as SYSTEM.

bugs.chromium.org/p/project-zero/issues/detail?id=1252

This is just the tip of the iceberg, there's also stuff like kernel font handling, which is incredibly complex and shitty and has thousands of special-cases for specific font glyphs: freetype.org/freetype2/docs/subpixel-hinting.html

Not to mention all the outdated and vulnerable protocols, all the super hacky code that we've seen in the leaks...

Windows is just a fucking mess and they aren't going to start from zero because they'd lose the only reason their customers use it: legacy business software. There's a reason why Google forbids its employees to use it.

Didn't they move font rendering to userspace with win10?

>Redraw speed is terrible.
Are you running on a 486 or something?

Even if they did, they added a bunch of deliberate backdoors and spyware so it was a net loss of security.

Nope, but my mutt terminal is 150 columns by 112 lines.
What's really weird is that newsbeuter handles redrawing just fine.

Who here uses the original Unix mail?

"hey user, can you copy everyone on an update at the end of the day?"

"yeah sure boss, what's your discord username? ..wait do you have snapchat, i'll just send you a video.. no wait I'll just text everyone in a group message and I'll just relay the message back to everyone else individually.. actually wait are you guys on facebook??"

>nobody uses "KMail"
ftfy

kmail? literally who?

>kshit
>linux
pick one, I never allow any k* package on my linux machine

At least Linux tries to be secure.
Windows lets anything run and never fixes bugs without MSM reporting on it because of ransomware.
Mac is just Linux with user-accessible backdoors for when they forget their password.

>KDE

I think KTorrent also had this ridiculous bug that any file could be read/written remotely.

Makes me nervous about using other K-shit.

It's either secure, or it isn't.

If you're on the internet, the data you transmit doesn't belong to you. You can pretend! But you'd be delusional. All you can do is maybe encrypt your data properly and hide your keys on an airgap. Your machine (regardless of how secure you think it is) is probably somehow weak enough to be exploited in some way if it's connected to the internet.

>At least Linux tries to secure
Not really. Security isn't a priority, a lot of desktop software upstream doesn't care, and a whole other lot is abandoned and won't be fixed or hardened. The kernel situation is pretty bad too, Linus openly insults the grsecurity people and recently called their patches garbage, the very same people that have invented modern mitigation techniques that have made their way to other OSs. The KSPP is a joke, Red Hat has just hired some monkeys to copy-paste grsecurity code, but since they don't understand it and often botch it, the result is usually bad (they've already introduced vulnerabilities by doing this).

As I've said, just use Qubes and use instanced VMs to do your random browsing. Modern desktop OS running on bare metal considered harmful.

What the fuck is KMail? I literally never heard of it.

Yea, because OS X has more backdoors than Ubuntu or Debian, which were both developed with help from the NSA.

i like using protonmail because i don't want to have all communications stored locally. it just seems optimal.