Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[topic updated] Thunderbird security related issues
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
myga
Tux's lil' helper
Tux's lil' helper


Joined: 12 Jun 2023
Posts: 121

PostPosted: Mon Jan 29, 2024 2:12 am    Post subject: [topic updated] Thunderbird security related issues Reply with quote

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/

https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-and-thunderbird-202

https://connect.mozilla.org/t5/discussions/mozilla-thunderbird-issues-with-outlook-accounts/td-p/49988

https://www.howtogeek.com/thunderbird-has-a-problem-with-outlook-hotmail-and-live-email-addresses/
_________________
[Never break the law to save people. Nope, there aint no heroes here. Unless you are 'Satoshi Nakamoto', that's a true anonymous.]


Last edited by myga on Sun Feb 11, 2024 3:48 am; edited 2 times in total
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20494

PostPosted: Mon Jan 29, 2024 3:46 am    Post subject: Re: thunderbird users beware Reply with quote

myga wrote:
the accusations below are backed facts.
Which facts? You didn't mention any.

myga wrote:
I logged in to my outlook accts using the browser and decided to check "my recent activity" settings. Sure enough, there are multiple failed login attempts from different countries in Europe and Asia on both accts in the last 2 months!
Could it be something other than Thunderbird? Maybe even a problem with Microsoft?

I would be curious to know about your facts though, it could be something else.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
myga
Tux's lil' helper
Tux's lil' helper


Joined: 12 Jun 2023
Posts: 121

PostPosted: Mon Jan 29, 2024 4:27 am    Post subject: Re: thunderbird users beware Reply with quote

pjp wrote:
myga wrote:
the accusations below are backed facts.
Which facts? You didn't mention any.


Quote:
In the past couple of months I decided to use Thunderbird [...]

Quote:
[...]there are multiple failed login attempts from different countries in Europe and Asia on both accts in the last 2 months!


If that aint enough for you, then I'm afraid I'm the wrong individual to entertain your belief system.
_________________
[Never break the law to save people. Nope, there aint no heroes here. Unless you are 'Satoshi Nakamoto', that's a true anonymous.]
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20494

PostPosted: Mon Jan 29, 2024 5:00 am    Post subject: Reply with quote

If that's the only "fact" you're relying on, then I agree we have different "belief systems."
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
s0ulslack1
n00b
n00b


Joined: 06 Mar 2022
Posts: 25

PostPosted: Mon Jan 29, 2024 6:09 am    Post subject: Reply with quote

If it was leaking your details surely it'd pass along username/passwords, which it DOES NOT DO.
You're connected to the internet bud, there are trolls that scan IP's all day looking for default username/passwords, exploits and in your case attempting to brute force your credentials. This happens to anyone that has signed up for something online using an email address, thats why most of us use several.

Don't post such ridiculous subjects without any "facts"
Back to top
View user's profile Send private message
C5ace
Guru
Guru


Joined: 23 Dec 2013
Posts: 484
Location: Brisbane, Australia

PostPosted: Mon Jan 29, 2024 9:22 am    Post subject: Reply with quote

in the last 24 hours my mail server registered 1737 invalid login attempts to my email accounts. the record was around 5600 /24 hours during Christmas.
_________________
Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as perl, python, C++, C#, Rust and the likes.
Back to top
View user's profile Send private message
Goverp
Advocate
Advocate


Joined: 07 Mar 2007
Posts: 2182

PostPosted: Mon Jan 29, 2024 10:07 am    Post subject: Reply with quote

I've a box running sshd so I can log in and check it's still there :-) (to see if the power has gone). The port is open to the Internet. 6,600 failed login attempts from 330 different IP addresses over the last two days. It's like COVID or flu, but for networks.
_________________
Greybeard
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 6168
Location: Dallas area

PostPosted: Mon Jan 29, 2024 10:47 am    Post subject: Reply with quote

Any open port on your computer connected to the internet will draw lots of scans/probes.

Don't like it ... unplug the computer

Trying to blame thunderbird for attempts on any account is specious, at best.
_________________
UM780, 6.1 zen kernel, gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
Back to top
View user's profile Send private message
The Main Man
Veteran
Veteran


Joined: 27 Nov 2014
Posts: 1171
Location: /run/user/1000

PostPosted: Mon Jan 29, 2024 12:58 pm    Post subject: Reply with quote

It's open source after all.
Back to top
View user's profile Send private message
Koyan
n00b
n00b


Joined: 07 Nov 2014
Posts: 32

PostPosted: Mon Jan 29, 2024 1:48 pm    Post subject: Re: thunderbird users beware Reply with quote

myga wrote:
there are multiple failed login attempts from different countries in Europe and Asia on both accts in the last 2 months!


If Thunderbird (which knows your login and password) were to blame, those attempts wouldn't have failed.
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5159
Location: Bavaria

PostPosted: Mon Jan 29, 2024 2:44 pm    Post subject: Re: thunderbird users beware Reply with quote

myga,

let me explain what happened by way of comparison:

You have a house with an entrance door. Your child has a key to the house and is allowed to use it. Now you have your house under surveillance and see that strangers are trying to pick the lock on the front door. Please do not blame your child, because he or she has no influence on the behavior of strangers. Even if you take the key away from your child (thunderbird) and give it to your mother (kmail), strangers may still try to pick your lock.

myga wrote:
If that aint enough for you, then I'm afraid I'm the wrong individual to entertain your belief system.

I recommend that you have a little more trust in our experts and rather ask questions when something is not understood instead of giving rude answers. If you talk to a Gentoo developer, administrator or moderator, you can be sure that they are not talking nonsense (most of the time :lol: ). Users who have been active here since 2002 usually have immense computer expertise ... and yes, we also have new users who are IT professionals in their jobs ... ;-)
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5159
Location: Bavaria

PostPosted: Mon Jan 29, 2024 2:50 pm    Post subject: Reply with quote

Moved from Networking & Security to Gentoo Chat.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
sMueggli
Guru
Guru


Joined: 03 Sep 2022
Posts: 500

PostPosted: Mon Jan 29, 2024 5:08 pm    Post subject: Reply with quote

Are you using your outlook email with or without 2FA?

Does Thunderbird use your "real" username/password combination or does Thunderbird use an application password (to bypass the 2FA)?
Back to top
View user's profile Send private message
Fitzcarraldo
Advocate
Advocate


Joined: 30 Aug 2008
Posts: 2056
Location: United Kingdom

PostPosted: Mon Jan 29, 2024 6:16 pm    Post subject: Reply with quote

myga,

Thunderbird has nothing to do with cracking attempts on your Outlook e-mail account(s). There are plenty of other e-mail clients other than Thunderbird, and the same phenomenon happens to users of those e-mail clients. I'm the only user of Thunderbird in my family, but there are plenty of unauthorised attempts by crackers to access my family's e-mail accounts.

Enter your e-mail address(es) in the F-Secure Identity Theft Checker:

https://www.f-secure.com/en/identity-theft-checker

You will receive an e-mail per account showing breached services, along with the dates the breach was discovered and what data was exposed (it could be the e-mail address and/or username and/or password and/or your name, and so on). It is likely there are breaches that predate the commencement of your use of Thunderbird.

If you have ever sent an e-mail to an online service (shop, forum, hospital, club, etc.) or registered your e-mail with an online service, and the service has been cracked at some point in time (scraped fully or partially), your e-mail address will be known to the crackers (and possibly posted in lists on the Dark Web), who will then try to crack your e-mail account. It happens all the time. The e-mail account I use for online shopping since 1996 is bombarded with attempts, which is why a strong password is so important (the xkcd cartoon Password Strength comes to mind).

Consider how crackers accessed 34,942 PayPal accounts, for example:

https://www.forbes.com/sites/daveywinder/2023/01/21/no-paypal-hasnt-been-hacked-yet-almost-35000-accounts-were-breached/

PayPal wasn't 'hacked', as such. What the criminals did was crack other Web sites and steal those sites' users' e-mail addresses and passwords. The criminals then tried those passwords on the PayPal site to see if any of the users of the other sites used the same password for their PayPal account. Some 34,942 users did use the same password for their PayPal account as for their account on the other sites that were cracked. The crackers could just have easily tried (and possibly did try) to access the users' e-mail accounts, and they will have automated it, i.e. not using an e-mail client such as Thunderbird.
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.

My blog
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum