Re: [Evolution] Problem with address book
On Sun, 2012-09-09 at 17:16 -0700, Jeffrey Needle wrote: > Detailed error message:Cannot open book! Source already loaded! Hi, I think it was a bug in 3.2.x, which caused this error, though I cannot find it now. This is supposed to be fixed in current stable, which is 3.4.4. Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote: > Le dimanche 09 septembre 2012 à 22:40 -0400, Jeff Fortin a écrit : > As users (mostly) ignore security warnings[1], it should be useless, > IMHO. > SSH does not targets same users than browsers or mail readers, so users > are more likely to read them. (And SSH keys doesn't expires, so you can > keep fingerprints for ages) > [1] http://lorrie.cranor.org/pubs/sslwarnings.pdf Yep, after 20+ years as a System & Network Administrator I can tell you with complete certainty that 99.44% of users just-hit-accept when they see an invalid-certificate notice. The only solution is a policy which disables accepting untrusted certificates [and what a nightmare that is as there are *many* commerce sites that use expired or self-signed certificates ]. There is no issue with how GNOME or Evolution manages certificates. signature.asc Description: This is a digitally signed message part ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
[Evolution] Problem with address book
Hi. I'm using Ubuntu 12.04, with Evolution 3.2.3 installed. It's a fresh install on a Dell Dimension 3000 desktop. I can't load my Google contacts. I have all the settings correct, username, etc., but I get an error message in a big red box: Unable to open address book This address book cannot be opened. This either means that an incorrect URl was entered, or the server is unreachable. Detailed error message:Cannot open book! Source already loaded! I have no idea how to fix this. Any ideas? Thanks. -- - Jeffrey Needle jeff.nee...@gmail.com ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote: > As users (mostly) ignore security warnings[1], it should be useless, > IMHO. Nice, didn't know that paper. I normally point to http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf page 5 as another quick explanation of the effect of such dialogs to the user. andre -- mailto:ak...@gmx.net | failed http://blogs.gnome.org/aklapper ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
Le dimanche 09 septembre 2012 à 22:40 -0400, Jeff Fortin a écrit : > Hi there, > As far as I can tell, Evolution uses a default set of SSL certificate > authorities. > [...] > > Will the user get (I hope) a big scary "SOMETHING IS VERY WRONG" warning > like SSH does when server fingerprints don't match? > > I'm of course not a security expert, but would like some reassurance > that Evolution is actually safe against this scenario. > Thanks As users (mostly) ignore security warnings[1], it should be useless, IMHO. SSH does not targets same users than browsers or mail readers, so users are more likely to read them. (And SSH keys doesn't expires, so you can keep fingerprints for ages) [1] http://lorrie.cranor.org/pubs/sslwarnings.pdf -- Bastien Durel ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL certificates and Man in the Middle attacks
> > However, I've been told that the Certificate Authorities system is > fundamentally flawed, in the sense that CAs don't communicate with each > other, any of them can sign for any domain name, and I've been told some > CAs are quite un-trustworthy. This is a scary prospect. Are you saying that a trusted CA might sign an SSL certificate for a domain that the requester doesn't own. I find that surprising. The whole point of the trusted CA system is that you *can* trust them to do the correct thing - and the correct thing is for them to verify that you have the right to request a signed certificate for a particular domain. > > Now, I never had to "accept" the certificate for Google to use GMail > through IMAP. To be honest, I would have expected some sort of prompt > that says, "Hey, this is the first time you're connecting to that > host... are you certain that you are on a trusted network connection and > the host you are connecting to is really the one it claims to be?"... No, the point of the trusted CA system is that you aren't presented with those sorts of prompts. If you are concerned about this, remove the trusted CA certificates from your system, you will then be asked to verify every new certificate your machine comes across. > > My question is thus the following: if the user is not the one manually > vetting the certificates, what happens when someone tries to do a > man-in-the-middle attack (ie: you're on an untrusted wifi, someone tries > to impersonate the GMail IMAP servers and provide a valid, signed > certificate that is different from Google's)? That requires the attacker to have a valid signed certificate, signed by a trusted CA, for Google's servers > > Will the user get (I hope) a big scary "SOMETHING IS VERY WRONG" warning > like SSH does when server fingerprints don't match? No, if the certificate seen by the underlying SSL mechanism is trusted, then you will not get any warnings ... because it's trusted. > > I'm of course not a security expert, but would like some reassurance > that Evolution is actually safe against this scenario. Evolution uses the same underlying SSL subsystem that the rest of your machine uses, so it is as safe as, say, the https protocol - and I suspect you put considerably more trust in that than you do in an encrypted IMAP connection. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
