You are here

Security Problem ?

6 posts / 0 new
Last post
Justice
Offline
Last seen: 14 years 12 months ago
Joined: 2006-05-10 06:53
Security Problem ?

Hi

I love the idea of being able to run Thunderbird from my USB flash drive. I liked it so much in fact that I decided to set up two other Portable Thunderbird flash drives for a couple of friends of mine.

I am however having a couple of problems if someone could help me out please.

Firstly for some reason when I have tested these different drives with different accounts set up I have noticed that in...

Options/Privacy/Passwords/Viewsavedpasswords

I can see my username but with the password of the actual account of the drive currently plugged in ! This is a little scary security wise. By the way each account has been created separately and each flash drive only has one account on it.

Secondly I have noticed that Portable Thunderbird leaves registry settings on the host machine ! Even worse one of the settings is actually your e-mail address ! I am surprised at this as I thought Portable Thunderbird would take everything with it. I am just a little concerned for people wanting to maintain their privacy particularly when using a public computer.

Just as an update I am wondering if the first problem may be caused by updating to version 15.0.4 on all the flash drives. Perhaps auto updating is not the best way to update Portable Thunderbird and perhaps I should just wait for the new PT releases in future.

Anyway this isn’t meant to be a complaint I am just puzzled. Thanks so much for your work John and I look forward to PT15.0.4 !!

John T. Haller
John T. Haller's picture
Offline
Last seen: 8 hours 15 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Passwords and Reg Key

The passwords are maintained seperately for each copy of TB within the profile. They aren't stored anywhere else. The only thing I can think of is if you're accidentally reopening your local copy. Passwords stored in one aren't seen from another. But the passwords within TB are not encrypted, which is why using something like TrueCrypt on the drive is recommended.

Currently, the only reg key changed is the unread mail key. TB does this on its own and backing up/restoring is problematic. It stores the account name... which, if you have it set to your email address (which isn't a good idea) will store your email address. A couple workarounds for future versions are being explored.

Sometimes, the impossible can become possible, if you're awesome!

Justice
Offline
Last seen: 14 years 12 months ago
Joined: 2006-05-10 06:53
Hi John. Thanks for your

Hi John.

Thanks for your reply.

“The passwords are maintained seperately for each copy of TB within the profile. They aren't stored anywhere else. The only thing I can think of is if you're accidentally reopening your local copy. Passwords stored in one aren't seen from another.”

I think I have discovered what was wrong. As I was so concerned as to what had happened with my user name and the password for the current flash drive I decided to get to the bottom of it all.

I think the problem was I originally set up a copy of your Portable Thunderbird on my flash drive. Then after liking the way it worked I simply copied this version to each of the other two drives. I assumed I would be able to delete my account from each of the other drives and enter the new details of my friends accounts onto each of them independently.

What seems to have happened is Thunderbird doesn’t actually delete the default account properly. I could delete what I thought was everything but whenever I sent mail I would find that the outgoing mail user name in ….

Options/Privacy/Passwords/Viewsavedpasswords

Had reverted back to my original one. However many times I deleted all my previous details the outgoing username would return but only after sending a mail. Strange ! I am not sure if this is PT specific or TB in general.

I have solved the problem by making a new install for each drive and only inputting the details of the account that is to be used on that drive. All seems ok now.

“But the passwords within TB are not encrypted, which is why using something like TrueCrypt on the drive is recommended.”

Yes thank you for pointing that out. All drives are encrypted but I didn’t add this information on my original post as I thought it would just confuse the post with irrelevant information. But thank you for mentioning it though as I may not have known about TC.

“It stores the account name... which, if you have it set to your email address (which isn't a good idea) will store your email address.”

Oops yes I am guilty of simply using my e-mail address as the account name !! I hadn’t realised that it was using the account name I assumed it stored the email address. Thank you for this useful information and I will change my account name immediately.

“A couple workarounds for future versions are being explored.”
Great thanks !!

Could I just ask another quick question please, should I always wait for you to release an updated version of Portable Thunderbird or should I try to update my copy via the Thunderbird update ? What I am worried about is an update from Thunderbird website somehow damaging or corrupting my PT version, whereas you will have tested your updated version before release.

Thanks very much John for your hard work here, I really appreciate it.

Bruce Pascoe
Offline
Last seen: 13 years 9 months ago
Joined: 2006-01-15 16:14
...

As Portable Thunderbird is simply a stock copy of Mozilla Thunderbird, updating via the standard channels shouldn't damage your portable version. I thought this at first myself about PFF, but once I realized it was just a standard copy of Firefox with a special launcher, I stopped worrying.

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

Justice
Offline
Last seen: 14 years 12 months ago
Joined: 2006-05-10 06:53
Hi Bruce Thank you for your

Hi Bruce

Thank you for your help. I am surprised that updating through the normal way would be ok as I would have thought since things aren’t in their default place that links may be made in the update to folders / whatever that weren’t there ! Ha ha. Anyway thank you for putting my mind at rest.

Portable Thunderbird rocks !!

Bruce Pascoe
Offline
Last seen: 13 years 9 months ago
Joined: 2006-01-15 16:14
...

Yeah, Mozilla's updaters are pretty smart about knowing where everything should go, even if the program isn't in the default location. Smile

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

Topic locked