|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
15 Feb 2017, 10:51 PM | #241 | |
The "e" in e-mail
Join Date: Feb 2002
Posts: 2,937
|
Quote:
|
|
16 Feb 2017, 03:21 AM | #242 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
Quote:
|
|
16 Feb 2017, 07:58 AM | #243 | |
Master of the @
Join Date: Feb 2005
Location: USA
Posts: 1,877
|
Quote:
|
|
16 Feb 2017, 08:05 AM | #244 |
Essential Contributor
Join Date: Dec 2003
Location: Dover, NH, USA
Posts: 315
|
yup
two things I like about the classic UI: 1 - constant view-able folder #s (new/total) 2 - empty link next to the trash folder etc I hope they will bring back those two features I rely on daily before they retire the Classic UI in June this year... I have already used the transition guide they created at https://www.fastmail.com/help/guides...ransition.html to tweak the New UI as much as I could, which has made the New UI a bit more tolerable for me |
16 Feb 2017, 09:21 AM | #245 | |
Member
Join Date: Nov 2014
Posts: 39
|
Quote:
Provided, of course, that this is a real, widely applicable problem and not just an obscure radar blip hyped up by these researchers for self-promotion. |
|
16 Feb 2017, 10:48 AM | #246 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.
|
16 Feb 2017, 11:26 AM | #247 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
ASLR vulnerability
We need to understand that this isn't a vulnerability in JavaScript. The researchers discovered a method of compromising the ability of ASLR to hide the memory mapping used by certain popular CPU's. Discovering the memory map doesn't immediately break security, but if another bug can then be exploited security can be compromised. Imagine having two different locks on a door -- a conventional key lock and a combination lock. If someone stole your key they could open that lock, but the door would still be locked if they couldn't break the combination lock code. The researchers used JavaScript to show that this exploit could be executed on a browser if an infected website was viewed and the browser didn't block the dangerous JavaScript from executing.
FastMail uses various techniques to prevent malicious JavaScript code in emails from being executed, so I don't think that's a danger. But clicking a link in a an email could allow an attacker to execute this exploit in JavaScript, which would increase your vulnerability. As far as I can see, nobody has reported this exploit actually being used. One solution to not falling for these types of JavaScript vulnerabilities is to not execute such code from unsafe websites. Some security software (just as Norton) can block block access to dangerous websites, and browser features and add-ons (such as NoScript for Firefox) can prevent the browser from executing JavaScript and other code from unsafe websites. Bill |
16 Feb 2017, 11:28 AM | #248 | |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Quote:
|
|
16 Feb 2017, 04:40 PM | #249 | |
Member
Join Date: Nov 2014
Posts: 39
|
Quote:
|
|
16 Feb 2017, 05:12 PM | #250 |
Senior Member
Join Date: Jun 2016
Posts: 194
|
I agree. In fact, many people (including me and I see there are many more like me) are looking for email services without needing javascript when using the browser. Talking about security I think that it's very dangerous using javascript in all the websites, people should only enable it in some websites they trust, but it's also bad for our privacy: the server will receive a lot of information from us (maybe this is what many companies are looking for to track us more and more). So, I think FM would think about it.
|
16 Feb 2017, 06:33 PM | #251 |
Member
Join Date: May 2002
Location: London UK
Posts: 47
|
With @walpurg on this one.
|
16 Feb 2017, 07:36 PM | #252 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
|
16 Feb 2017, 08:21 PM | #253 |
Member
Join Date: Nov 2014
Posts: 39
|
Don't worry, I've worked in high risk environments for 20+ years so I already have one.
(Not that I follow the logic of how pointing out a possibility (contingent on several things, which I'm pretty sure I haven't failed to mention) makes me worthy of insults.) |
16 Feb 2017, 08:24 PM | #254 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
Aaah. Didn't mean it to be an insult. If you took my comment that way, not my intention. Hat off and an apology to you.
|
16 Feb 2017, 08:36 PM | #255 |
Member
Join Date: Nov 2014
Posts: 39
|
It wouldn't be a big deal (to me, don't know about @jchevali) even if you had meant it, It's just that people usually start talking about tin foil hats when someone is being... rather unreasonable? and in this case it seemed a bit too... abrupt? to suddenly get to that.
|