I don't even know anymore
This seems to demand the invention of a new class of facepalm all on its own.
Writing secure code is NOT like driving a dune buggy, FFS.
Enigmail has patched a hole in the world's most popular PGP email platform that caused mail to be sent unencrypted when all security check boxes were ticked. The dangerous hole in the Mozilla Thunderbird extension affected email that was sent only to blind carbon copy recipients on all versions below 1.7.2 released last month …
This is probably the best laugh I'm going to have all day.
All I could see was some massive compound 'if' statement and an 'if' that really ought to have had braces.
Brave of him to own up to it. At least he didn't try to claim that the NSA had hacked his repository...
The description of the error in the release notes is ambiguous.
"Even when marked to be encrypted, an email with only Bcc recipients is sent in plain text!"
Does this mean that the bug only shows up & sends mail unencrypted to the BCC recipients when the BCC field is used but the TO & CC fields are blank, or does this mean that the bug always sends mail unencrypted to the BCC recipients independent of the status of the TO & CC fields?
These are two very different behaviors with two very different probabilities of being triggered, due to the way people often use BCC. My experience with BCC, both sending and receiving email, is that the TO field is always filled with some address, sometimes a dummy address (such as the sender's). If the "only Bcc recipients" requirement is in fact strictly the case, then most instances of using BCC that I've seen would not trigger the bug.
This just underscores how describing bugs needs to be done with precision.
"As a serious user (dissident, whistle-blower, diplomatic or military user) I would now be waiting for the bad guys to come and get me with their water-board,"
It's the good guys that play around with waterboards. The bad guys simply shoot you.
Edit: Icon - 'cause the whole thing seems to be a bad joke...
No, it would ADD points of failure, particularly for e-mail with multiple recipients, because now you have to manually make sure you encrypt the message each time for each recipient. And make sure each one is done with the right key and matched up and so on.
I don't like having to resort to external programs because it breaks the KISS principle and introduces additional potential points of failure.
This is a good lesson learned, actually.
I bet all the attention was going into getting the encryption routines exactly right and nobody checked to see they were being called at all in every case they were required.
I've had oversights like that myself (not on such a high profile product, thankfully), but this is a good reminder to take a step back now and again and take a panoramic look at what I'm doing.
@frank ly
BCC = hide recipients
PGP = encrypt emails
2 different items.
Just in this case, if a PGP encrypted email was sent via BCC, then it wasn't encrypted, even though it was meant to be. Make sense?
Anyway, I am sure the 2 people left who use PGP don't need to use BCC as they only email each other. ;-)
It depends...
Some shitty clients send a single email to a server, which then takes the BCC list, strips it and sends a separate email to each user with the BCC blank... but some have bugs...
A GOOD email client sends separate emails to the server with NO reference to each other, so even the server does not get to know the BCC list. (Yep, if you have a BCC of 200 addresses it sends the email 200 times to the server... and yes, the server could work out the list, but at least it negates BCC bugs.)
Web-based systems (Gmail, etc.) are a mixed bunch. But then using BCC with Gmail and a web front end makes no sense, since Google would get your BCC list...
Absolutely the WORST piece of crap I dealt with was 'Groupwise' by Novell.
Their crappy SMTP gateway...
It's surprising that such an error could have been made: didn't the developers consider at least basic functional testing before release? Even more surprising that no-one noticed (or does it imply that this was a rarely-used function?).
Still, I guess it's fair to say that users should do their own basic tests on new releases to ensure critical functions that they rely on still work, rather than relying on blind trust.
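Two comments above make the same point from opposite sides: the developer-side worry that nobody checked the encryption routine was actually called in every recipient configuration, and the user-side advice to smoke-test critical functions after each release. The block below is an added example, not Enigmail's code and not from any commenter: a constructed toy send path whose compound condition only consults To and Cc (so a Bcc-only message falls through to plaintext), beside a corrected path, and a recipient-matrix test that exercises every combination of To/Cc/Bcc. The matrix also makes the ambiguity raised earlier concrete, since it separates "only Bcc recipients" from "any Bcc recipient". All names (`Message`, `send_buggy`, `send_fixed`, `plaintext_leaks`) and the fake PGP wrapper are hypothetical.

```python
"""Toy model of a recipient-dependent encryption-branch bug.

Constructed example, not Enigmail's code. It shows a send path whose
encryption decision forgets the Bcc-only case, a fixed path, and a
recipient-matrix test that flags any combination sent as plaintext.
"""
from dataclasses import dataclass, field
from itertools import product


@dataclass
class Message:
    # Hypothetical message model: three address headers, a body and the
    # "encrypt" check box the user ticked.
    to: list = field(default_factory=list)
    cc: list = field(default_factory=list)
    bcc: list = field(default_factory=list)
    body: str = ""
    encrypt: bool = True


def fake_encrypt(body, recipients):
    """Stand-in for real PGP: a tagged wrapper so the test can tell
    ciphertext from plaintext without doing any crypto."""
    return (f"-----BEGIN PGP MESSAGE-----\n"
            f"[to {len(recipients)} keys] {body}\n"
            f"-----END PGP MESSAGE-----")


def send_buggy(msg):
    """Buggy path: the decision looks at To and Cc only.
    A message with only Bcc recipients falls through to plaintext
    even though msg.encrypt is True."""
    if msg.encrypt and (msg.to or msg.cc):
        return fake_encrypt(msg.body, msg.to + msg.cc + msg.bcc)
    return msg.body  # leaves the box as plaintext


def send_fixed(msg):
    """Fixed path: the recipient list is assembled once from all three
    headers and the decision is driven by the check box alone."""
    recipients = msg.to + msg.cc + msg.bcc
    if not recipients:
        raise ValueError("no recipients")
    if msg.encrypt:
        return fake_encrypt(msg.body, recipients)
    return msg.body


def is_ciphertext(wire):
    return wire.startswith("-----BEGIN PGP MESSAGE-----")


def recipient_matrix():
    """Every combination of To/Cc/Bcc being empty or populated,
    except the all-empty one. Addresses are constructed sample data."""
    cases = []
    for to, cc, bcc in product([False, True], repeat=3):
        if not (to or cc or bcc):
            continue
        cases.append(Message(
            to=["a@example.org"] if to else [],
            cc=["b@example.org"] if cc else [],
            bcc=["c@example.org"] if bcc else [],
            body="secret",
            encrypt=True,
        ))
    return cases


def plaintext_leaks(send):
    """Return the (to?, cc?, bcc?) combinations for which `send` emits
    plaintext despite encrypt=True. An empty list means no leak."""
    leaks = []
    for m in recipient_matrix():
        if not is_ciphertext(send(m)):
            leaks.append((bool(m.to), bool(m.cc), bool(m.bcc)))
    return leaks


if __name__ == "__main__":
    print("buggy path leaks:", plaintext_leaks(send_buggy))
    print("fixed path leaks:", plaintext_leaks(send_fixed))
```

The buggy path leaks exactly one combination, (False, False, True), which is the strict "only Bcc recipients" reading; a message with Bcc plus a populated To still encrypts, so a user who habitually fills To with a dummy address would never have seen the bug. The useful habit is the matrix itself: whenever a security decision sits inside a compound condition, enumerate the inputs and assert on the wire output rather than on the routine being correct in isolation.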
I have. There are routine areas where even amateurs use this: I used to volunteer with a mental health charity that was tied to the NHS on a project. Due to patient confidentiality, mass emails always got sent with every recipient in the BCC field. (Admittedly we'd not have been using PGP, but I could see situations where you'd use both, routinely.)