EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 15 Feb 2017, 10:51 PM   #241
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,916
Quote:
Originally Posted by Grhm View Post
On my Nokia C2-01, which runs the Symbian operating system,
classic.fastmail.com works fine, but fastmail.com gives this message:
"Sorry, your browser does not support the technologies needed to use our web interface. Please make sure you have the latest version, and that JavaScript is enabled."
Symbian is a discontinued OS.. As it's no longer being supported by it's own developer, how long do you suppose third party sites/applications should support it?
sflorack is offline   Reply With Quote
Old 16 Feb 2017, 03:21 AM   #242
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,902
Quote:
Yes, UC is one of several browsers that I have installed; and no, the new interface doesn't work on it. Thank you for the suggestion, though.
The only other browser I can think of that has a chance of working is Opera Mini. If, perchance, it works, it actually would have performance and security advantages over other potential solutions for this old platform.
BritTim is offline   Reply With Quote
Old 16 Feb 2017, 07:58 AM   #243
Bamb0
Master of the @
 
Join Date: Feb 2005
Location: USA
Posts: 1,525
Quote:
Originally Posted by DumbGuy
Very few customers use the Classic UI
Yes which is a shame...... Its so much better!!!
Bamb0 is online now   Reply With Quote
Old 16 Feb 2017, 08:05 AM   #244
joe_devore
Essential Contributor
 
Join Date: Dec 2003
Location: Dover, NH, USA
Posts: 315
Quote:
Originally Posted by Bamb0 View Post
Yes which is a shame...... Its so much better!!!
yup

two things I like about the classic UI:
1 - constant view-able folder #s (new/total)
2 - empty link next to the trash folder
etc
I hope they will bring back those two features I rely on daily before they retire the Classic UI in June this year...
I have already used the transition guide they created at
https://www.fastmail.com/help/guides...ransition.html
to tweak the New UI as much as I could, which has made the New UI a bit more tolerable for me
joe_devore is offline   Reply With Quote
Old 16 Feb 2017, 09:21 AM   #245
walpurg
Member
 
Join Date: Nov 2014
Posts: 39
Quote:
Originally Posted by ChinaLamb View Post
Javascript runs just about everything these days. I'm not concerned. Even without javascript there are plenty of exploits that are still nasty. Exploits are found, exploits are patched.
I don't quite follow your logic. If Javascript runs just about everything, then it suddenly becoming a more potent expoitation vector would obviously have an impact, regardless of what other exploits exist. It would only take a few high profile cases trumpeted by the media for a significant number of people to become more worried about Javascript. I am not suggesting that people run for the hills because of this, but then again I'm not a fear-mongering journo - and there are plenty of those. And if the idea that "Javascript == potential danger" manages to get more fuel, that psychology will remain a factor long after the actual problems have been patched. Thus, more people may become interested in less Javascript-dependent interfaces, and it may be a good idea not to scrap such an interface here. I think this is something to consider, even if one is not personally concerned.

Provided, of course, that this is a real, widely applicable problem and not just an obscure radar blip hyped up by these researchers for self-promotion.
walpurg is offline   Reply With Quote
Old 16 Feb 2017, 10:48 AM   #246
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,316
Quote:
Originally Posted by walpurg View Post

Provided, of course, that this is a real, widely applicable problem and not just an obscure radar blip hyped up by these researchers for self-promotion.
My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.
ChinaLamb is offline   Reply With Quote
Old 16 Feb 2017, 11:26 AM   #247
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,706
Arrow ASLR vulnerability

We need to understand that this isn't a vulnerability in JavaScript. The researchers discovered a method of compromising the ability of ASLR to hide the memory mapping used by certain popular CPU's. Discovering the memory map doesn't immediately break security, but if another bug can then be exploited security can be compromised. Imagine having two different locks on a door -- a conventional key lock and a combination lock. If someone stole your key they could open that lock, but the door would still be locked if they couldn't break the combination lock code. The researchers used JavaScript to show that this exploit could be executed on a browser if an infected website was viewed and the browser didn't block the dangerous JavaScript from executing.

FastMail uses various techniques to prevent malicious JavaScript code in emails from being executed, so I don't think that's a danger. But clicking a link in a an email could allow an attacker to execute this exploit in JavaScript, which would increase your vulnerability. As far as I can see, nobody has reported this exploit actually being used.

One solution to not falling for these types of JavaScript vulnerabilities is to not execute such code from unsafe websites. Some security software (just as Norton) can block block access to dangerous websites, and browser features and add-ons (such as NoScript for Firefox) can prevent the browser from executing JavaScript and other code from unsafe websites.

Bill
n5bb is offline   Reply With Quote
Old 16 Feb 2017, 11:28 AM   #248
David
Ultimate Contributor
 
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
Quote:
Originally Posted by ChinaLamb View Post
My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.
It is appreciated, that we sometimes get posts, from the higher end of the spectrum.
David is offline   Reply With Quote
Old 16 Feb 2017, 04:40 PM   #249
walpurg
Member
 
Join Date: Nov 2014
Posts: 39
Quote:
Originally Posted by ChinaLamb View Post
My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.
That's great, but do you think that your average media consumer also has 20+ professional years in a very high risk industry, or might they take in the hype (if there's enough of it) and conclude that being able to use a site with Javascript disabled would be a plus for them? It doesn't matter that the world is not actually going to end if people start believing that maybe it's going to. The software company I worked for at the time (as part of my own 20+ years of experience, since that has become relevant) made a lot of money off the Y2K scare, even though it would not have had any meaningful impact on most of our clients' operations. But that's largely beside the point here, because I was never talking about FM scrapping their JS interface, I was talking about the Classic interface potentially becoming more valuable in attracting customers, should exploits of this vulnerability start popping up in the wild. @n5bb is quite right, strictly speaking this is not a JS vulnerability, but if the media focus of the JS aspect, that's what people are going to remember. For someone equating JS with danger, the fact that FM's own site would still be secure and the JS in emails wouldn't be executed would matter less than knowing that they could use the site with JS turned off, period.
walpurg is offline   Reply With Quote
Old 16 Feb 2017, 05:12 PM   #250
edu
Senior Member
 
Join Date: Jun 2016
Posts: 194
Quote:
Originally Posted by walpurg View Post
For someone equating JS with danger, the fact that FM's own site would still be secure and the JS in emails wouldn't be executed would matter less than knowing that they could use the site with JS turned off, period.
I agree. In fact, many people (including me and I see there are many more like me) are looking for email services without needing javascript when using the browser. Talking about security I think that it's very dangerous using javascript in all the websites, people should only enable it in some websites they trust, but it's also bad for our privacy: the server will receive a lot of information from us (maybe this is what many companies are looking for to track us more and more). So, I think FM would think about it.
edu is offline   Reply With Quote
Old 16 Feb 2017, 06:33 PM   #251
jchevali
Member
 
Join Date: May 2002
Location: London UK
Posts: 47
With @walpurg on this one.
jchevali is offline   Reply With Quote
Old 16 Feb 2017, 07:36 PM   #252
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,316
Quote:
Originally Posted by jchevali View Post
With @walpurg on this one.
Go get your tin foil hats.
ChinaLamb is offline   Reply With Quote
Old 16 Feb 2017, 08:21 PM   #253
walpurg
Member
 
Join Date: Nov 2014
Posts: 39
Quote:
Originally Posted by ChinaLamb View Post
Go get your tin foil hats.
Don't worry, I've worked in high risk environments for 20+ years so I already have one.

(Not that I follow the logic of how pointing out a possibility (contingent on several things, which I'm pretty sure I haven't failed to mention) makes me worthy of insults.)
walpurg is offline   Reply With Quote
Old 16 Feb 2017, 08:24 PM   #254
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,316
Quote:
Originally Posted by walpurg View Post
Don't worry, I've worked in high risk environments for 20+ years so I already have one.

(Not that I follow the logic of how pointing out a possibility (contingent on several things, which I'm pretty sure I haven't failed to mention) makes me worthy of insults.)
Aaah. Didn't mean it to be an insult. If you took my comment that way, not my intention. Hat off and an apology to you.
ChinaLamb is offline   Reply With Quote
Old 16 Feb 2017, 08:36 PM   #255
walpurg
Member
 
Join Date: Nov 2014
Posts: 39
Quote:
Originally Posted by ChinaLamb View Post
Aaah. Didn't mean it to be an insult. If you took my comment that way, not my intention. Hat off and an apology to you.
It wouldn't be a big deal (to me, don't know about @jchevali) even if you had meant it, It's just that people usually start talking about tin foil hats when someone is being... rather unreasonable? and in this case it seemed a bit too... abrupt? to suddenly get to that.
walpurg is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 04:50 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy