Re: [Evolution] Bug 738247 - unwanted information disclosure in message headers



 
On Tuesday, September 26, 2017 2:31 AM, Milan Crha <mcrha redhat com> wrote:
 
> On Mon, 2017-09-25 at 17:30 -0400, d18jf98rw use startmail com wrote:
> > local IP is better.
>
> Hi,
> maybe. It still exposes some details about the network, like what
> internal IP range is in use.

Exposing internal range is much safer than real hostname, in my opinion.

> I just tried with a Google account and the first Received header
> contains "localhost.localdomain" with an IP of my ADSL router, not my

Correct, your workstation does not have host name set up and by default it
sends "localhost.localdomain".
Change host name to abc.example.org and you'll see it in recipient's headers.
It means that if you send email to someone using your personal gmail AND properly configured office
workstation your email recipient will be able to tell where you work, this is just an example.

Where is the function responsible for helo message?

Regards,
Josh.

PS. The fact that pretty much nobody was ever interested in both unwanted information disclosure bugs just
speaks for very little interest serious users have in Evolution. I can only imagine what happens if someone
decides to do a real audit...
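
Added example, not part of the original message and not Evolution's code: a Python check you can run over a copy of a message you sent, to see which of the three cases discussed above (placeholder name, configured host name, local IP literal) the HELO argument in the oldest Received header falls into. The header layout, `smtp.example.net`, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; smtp.example.net and all addresses are placeholders.
SAMPLE = """\
Received: from localhost.localdomain ([203.0.113.7])
 by smtp.example.net with ESMTPSA id abc123;
 Tue, 26 Sep 2017 02:31:00 -0700 (PDT)
From: sender@example.net
Subject: test

body
"""
SAMPLE_OFFICE = SAMPLE.replace("localhost.localdomain", "abc.example.org")
SAMPLE_LITERAL = SAMPLE.replace("localhost.localdomain", "[192.168.1.23]")

# "from <HELO argument> (<comment added by the receiving server>)"
FROM_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
PLACEHOLDERS = {"localhost", "localhost.localdomain"}


def first_hop(raw):
    """Return (helo_argument, peer_ip) from the oldest Received header, or None."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    # Servers prepend headers, so the sender's own hop is the last one.
    match = FROM_RE.match(" ".join(received[-1].split()))
    if not match:
        return None
    peer = IP_RE.search(match.group(2) or "")
    return match.group(1), peer.group(1) if peer else None


def classify_helo(helo):
    """Say what the HELO argument tells the recipient about the sender."""
    literal = IP_RE.fullmatch(helo)
    if literal:
        addr = ipaddress.ip_address(literal.group(1))
        return "internal-range" if addr.is_private else "public-address"
    if helo.lower() in PLACEHOLDERS:
        return "placeholder"
    return "hostname"  # a configured name such as abc.example.org


if __name__ == "__main__":
    for raw in (SAMPLE, SAMPLE_OFFICE, SAMPLE_LITERAL):
        helo, peer = first_hop(raw)
        print(f"{helo:24} peer={peer} -> {classify_helo(helo)}")
```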

