| 2010-10-14 15:02:31 |
Steve Conklin |
description |
Binary package hint: gobby
This is a usability issue that creates a security/privacy issue
Gobby is presented as an option for opening attachments in the evolution mail client.
The user is presented with a small "down arrow" next to an attachment listing in evolution, which presents options for opening the attachment in various applications. If the user simply clicks on the arrow, the action can be taken to open the attachment using one of the applications on the menu. The menu length depends on the attachment type and hence the number of applications listed. In my case, a single click results in the attachment being opened with gobby, which connects to the last host I used and pastes the name of the file into the gobby chat.
Since sensitive information if often sent by email within companies, this creates an inintentional leak of attachments to the collaborative gobby server.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gobby 0.4.12-1
ProcVersionSignature: Ubuntu 2.6.32-25.44-generic-pae 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic-pae i686
Architecture: i386
Date: Thu Oct 14 09:46:30 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100318)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gobby |
Binary package hint: gobby
This is a usability issue that creates a security/privacy issue
Gobby is presented as an option for opening attachments in the evolution mail client.
The user is presented with a small "down arrow" next to an attachment listing in evolution, which presents options for opening the attachment in various applications. If the user simply clicks on the arrow, the action can be taken to open the attachment using one of the applications on the menu. The menu length depends on the attachment type and hence the number of applications listed. In my case, a single click results in the attachment being opened with gobby, which connects to the last host I used and pastes the name of the file into the gobby chat.
Since sensitive information if often sent by email within companies, this creates an inintentional leak of attachments to the collaborative gobby server.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gobby 0.4.12-1
ProcVersionSignature: Ubuntu 2.6.32-25.44-generic-pae 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic-pae i686
Architecture: i386
Date: Thu Oct 14 09:46:30 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100318)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gobby
|
|
