On 05/04/2019 20:37, mhoye via governance wrote:
That's not a spectacular argument, but our engineering resources are
finite and in the face of other security issues we definitely need to
manage, like Spectre - which absolutely does have some spectacular
arguments in its corner - that argument has always been enough to move
this bug far enough down the priority list that we never get to it.
Having said that, I'm definitely sympathetic to the position that if
we're offering to encrypt something at all, we shouldn't be using weak
or dated encryption for the job however remote we feel the related
risks are.
Thanks for your reply.
To me, the most likely attack vectors are one of these two:
Some malware one the machine which only needs to be active for a very
short amount of time shipping out the password database. It happened to
me once that such malware shipped out my totally unencrypted FileZilla
FTP password database. The attackers took over all my websites and
installed their malware there; I was alarmed by Google's webmaster tools
or some other Google tool. Of course I changed my FTP client
immediately. Just now I read that FileZilla actually changed their
product after years of user complaints.
There was a bug in Thunderbird, were Thunderbird would ship out a file
on request by an attacker, see
https://bugzilla.mozilla.org/show_bug.cgi?id=1151366.
The second situation is an office situation where someone leaves their
machine unattended for two minutes. No software is required to do a
"walk by" attack and carry away the password database on a USB stick.
Decent encryption would immediately defeat both attacks.
Kind regards, Jörg.
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance
