toggle quoted messageShow quoted text
Mozilla seems to have a
peculiar obsession with security. They are constantly releasing
new versions of Firefox and Thunderbird which are purported to
be "more secure" than previous versions, but of course, there is
really no way to substantiate their claims aside from taking
their word for it. I suspect that they use their claims of
improved security to justify their ambitious release schedule, a
strategy which has largely backfired, because Firefox has
experienced a steep decline in share of the browser market.
On 9/30/2020 7:28 AM, Ron Canazzi
If what you are saying is true then my question is why do software
companies--even free ones like Mozilla--always mention security as
well as efficiency and functionality when they announce a new
update. I could understand if the only companies doing this were
for profit, but Mozilla is a free download. What is in it for
them to announce that a particular update is a security and
On 9/30/2020 1:09 AM, Gene wrote:
If we were talking about browsers, I would
agree not to run old ones.
I did e-mail searches and found very little supporting your
position. Almost everything I fouhnd talked about phishihng and
social engineering. I did find one discussion about a truly
archaic version of Outlook, Outlook 2000 and I found a few
general statements about unpatched exploits but almost nothing,
thus leading me to continue to believe what I believed before,
that exploits in e-mail programs are not generally used in
attacks these days.
This discussion, talking about a really archaic version of
Outlook has content that may support your contention, but I
found almost no other discussion of the question in a search for
is it dangerous to use an old version of an e-mail program. And
note that this discussion doesn't say that to any of the
participants' knowledge, anyone has been hacked through this
truly archaic version of Outlook by the use of unpatched
exploits It simply says that this or that can be done..
I'm not saying what you say is wrong, but until I get good
evidence otherwise, I shall continue to hold my views, that ((1)
there is no interest in attacking people through malicious code
these days in e-mails and that (2) being on lists like this for
years and not having seen one message from anyone about being
attacked in other ways than by phishing and social engineering
and that 3) the links for about fifteen results I read, I read
the links, I didn't go to the pages, but the links don't mention
embedded code, they discuss phishing and other forms of social
engineering, all this is, in my opinion, strong evidence that I
I'm not telling anyone they must do anything, either. I'm
presenting the reasons I believe I am correct.
Here is the link to one of the searches I did. It was worded
about like this:
Are e-mails with malicious code common in 2020
You may see the results. I've looked at the links to something
like fifteen results and they all deal with attacks such as
phishing and no links mention messages with embedded malicious
As I said, I looked at the links themselves, I didn't go to the
If you have good evidence to show that I am or have a reasonable
chance of being wrong, that's fine. You have more technical
knowledge than I do and you may find such information. I shall
continue to believe I am correct unless I see convincing
-----Original Message----- From: Brian Vogel
Sent: Tuesday, September 29, 2020 10:42 PM
Subject: Re: [TechTalk] Giving Up on Thunderbird!
On Tue, Sep 29, 2020 at 11:28 PM, Gene wrote:
You may correct me if I'm wrong on these points or disagree-
I am not going to, because you are entirely capable of doing a
web search on "email client attacks" or "email attack surfaces"
or similar to get reams of documentation on what has been going
on for years.
I'm not going to tell anyone they must do anything. I'm also
not going to tell them that leaving web browsers or email
clients in an un-updated state is a wise or safe thing to do,
because it isn't.