[topic updated] Thunderbird security related issues

myga · Tux's lil' helper Joined: 12 Jun 2023 Posts: 99

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/

https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-and-thunderbird-202

https://connect.mozilla.org/t5/discussions/mozilla-thunderbird-issues-with-outlook-accounts/td-p/49988

https://www.howtogeek.com/thunderbird-has-a-problem-with-outlook-hotmail-and-live-email-addresses/
_________________
[<<$>>]

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

myga · Tux's lil' helper Joined: 12 Jun 2023 Posts: 99

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

If that's the only "fact" you're relying on, then I agree we have different "belief systems."
_________________
Quis separabit? Quo animo?

s0ulslack1 · n00b Joined: 06 Mar 2022 Posts: 21

If it was leaking your details surely it'd pass along username/passwords, which it DOES NOT DO.
You're connected to the internet bud, there are trolls that scan IP's all day looking for default username/passwords, exploits and in your case attempting to brute force your credentials. This happens to anyone that has signed up for something online using an email address, thats why most of us use several.

Don't post such ridiculous subjects without any "facts"

C5ace · Posted: Mon Jan 29, 2024 9:22 am Post subject:

in the last 24 hours my mail server registered 1737 invalid login attempts to my email accounts. the record was around 5600 /24 hours during Christmas.
_________________
Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as perl, python, C++, C#, Rust and the likes.

Goverp · Advocate Joined: 07 Mar 2007 Posts: 2008

I've a box running sshd so I can log in and check it's still there :-)

(to see if the power has gone). The port is open to the Internet. 6,600 failed login attempts from 330 different IP addresses over the last two days. It's like COVID or flu, but for networks.
_________________
Greybeard

Anon-E-moose · Posted: Mon Jan 29, 2024 10:47 am Post subject:

Any open port on your computer connected to the internet will draw lots of scans/probes.

Don't like it ... unplug the computer

Trying to blame thunderbird for attempts on any account is specious, at best.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland

The Main Man · Posted: Mon Jan 29, 2024 12:58 pm Post subject:

It's open source after all.

Koyan · n00b Joined: 07 Nov 2014 Posts: 22

pietinger · Posted: Mon Jan 29, 2024 2:44 pm Post subject: Re: thunderbird users beware

myga,

let me explain what happened by way of comparison:

You have a house with an entrance door. Your child has a key to the house and is allowed to use it. Now you have your house under surveillance and see that strangers are trying to pick the lock on the front door. Please do not blame your child, because he or she has no influence on the behavior of strangers. Even if you take the key away from your child (thunderbird) and give it to your mother (kmail), strangers may still try to pick your lock.

pietinger · Posted: Mon Jan 29, 2024 2:50 pm Post subject:

Moved from Networking & Security to Gentoo Chat.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger

sMueggli · Guru Joined: 03 Sep 2022 Posts: 369

Are you using your outlook email with or without 2FA?

Does Thunderbird use your "real" username/password combination or does Thunderbird use an application password (to bypass the 2FA)?

Fitzcarraldo · Posted: Mon Jan 29, 2024 6:16 pm Post subject:

myga,

Thunderbird has nothing to do with cracking attempts on your Outlook e-mail account(s). There are plenty of other e-mail clients other than Thunderbird, and the same phenomenon happens to users of those e-mail clients. I'm the only user of Thunderbird in my family, but there are plenty of unauthorised attempts by crackers to access my family's e-mail accounts.

Enter your e-mail address(es) in the F-Secure Identity Theft Checker:

https://www.f-secure.com/en/identity-theft-checker

You will receive an e-mail per account showing breached services, along with the dates the breach was discovered and what data was exposed (it could be the e-mail address and/or username and/or password and/or your name, and so on). It is likely there are breaches that predate the commencement of your use of Thunderbird.

If you have ever sent an e-mail to an online service (shop, forum, hospital, club, etc.) or registered your e-mail with an online service, and the service has been cracked at some point in time (scraped fully or partially), your e-mail address will be known to the crackers (and possibly posted in lists on the Dark Web), who will then try to crack your e-mail account. It happens all the time. The e-mail account I use for online shopping since 1996 is bombarded with attempts, which is why a strong password is so important (the xkcd cartoon Password Strength comes to mind).

Consider how crackers accessed 34,942 PayPal accounts, for example:

https://www.forbes.com/sites/daveywinder/2023/01/21/no-paypal-hasnt-been-hacked-yet-almost-35000-accounts-were-breached/

PayPal wasn't 'hacked', as such. What the criminals did was crack other Web sites and steal those sites' users' e-mail addresses and passwords. The criminals then tried those passwords on the PayPal site to see if any of the users of the other sites used the same password for their PayPal account. Some 34,942 users did use the same password for their PayPal account as for their account on the other sites that were cracked. The crackers could just have easily tried (and possibly did try) to access the users' e-mail accounts, and they will have automated it, i.e. not using an e-mail client such as Thunderbird.
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC udev elogind & KDE on both.
Fitzcarraldo's blog