Thunderbird does not ask for password when sending second mail !!!

[Basil Chupin]

On 13/07/12 17:40, Gilles Gravier wrote:
> Hi!
>
> On 13/07/2012 09:27, Basil Chupin wrote:
[...........]


>> So, THIS is your real concern - security when you decided to leave
>> your computer/laptop for a few minutes to go to the toilet of have a
>> cigarette or get a cup of tea, right?
> Surprise surprise...

No need to be surprised.

Security has always been acknowledged.

The question has always been, as still remains, as to why such a need
for this "over-the-hill" requirement.

Asking the questions has produced more riddles: why the statements about
firewalls, about anti-virus applications.


>> I have already answered this question when I responded to what Gilles
>> wrote: LOCK SCREEN when you want to leave your computer. It takes just
>> 2 simple clicks of the mouse to achieve this.
> And to circumvent. This is why "sudo" implements a password timeout
> mecanism... as I posted in the answer you mention. This is a sensible
> way to procede... as I mentionned too.

However, this does not appear to be a consideration because of what I
just stated above - and my general comments about security which hinted
at securing your computer should it get stolen; "sudo-ing" the password
does not protect the contents from being seen if the computer is stolen.

>> I think that you need to explain why you are so concerned about this.
>> Knowing the real reasons for your concern is most important in helping
>> you with your concern.
> Because (I'm guessing, applying security common sense) that 2 measures
> (lock screen with timeout trigger and password timeout on TBird) is
> better than just one. That's part of a defense in depth strategy,
> something very common when talking security. I'm sure you're aware of that.

Yes, but the request is based on something deeper than just what the
original post stated - at least this is what I make of it and which is
why I am probing.


>> WHY are you so worried about someone using your computer/laptop to
>> post some message, and with attachment, while you may step away from
>> your computer/laptop?
> Because of :
>
> 1) Theft of documents (work context)
> 2) Theft of identity (any context)
> 3) Misuse of documents (work, medical)
> 4) Mischief (any context)
>
> I could list more, but I'm sure you get the drift...

Of course, but then you should explain to the OP that if he really and
truly wants security then he should encrypt his whole computer to begin
with and then have it manacled to his wrist so that he can carry it
around with him everytime he wants to go to the toilet.


>> What I wrote about LOCKING SCREEN is more than enough to satisfy your
>> concern as the way you described it so far. Is there more to your
>> concern than you have said so far?
> No it is not. What happens when you let somebody access your account for
> a few minutes? Basil, before you answer this one with a cookie cutter
> answer about "you should never do that", check what MOST PEOPLE DO. It
> happens. More than you think.

No, I wouldn't state that ("you should never do that") because I do know
that people not only do this but also use for a password their dog's
name or the numerals '1234567890' or write down their password on the
side of the monitor :-) . I was a database administrator so know what
the little beggars get up to :-) .

Which, of course, raises the question which has not been asked or
mentioned so far: under which conditions is Jatin is using his
Thunderbird? It would *appear* that he is using it in an office
environment - but I am only guessing.

If he is using his system in an office environment then he should be
asking his question(s) of his System Administrator and not here; in fact
his Administrator should have all the necessary security measures in
place. So why is he asking here for answers?


>> If you feel that you want to discuss this privately and not in this
>> public mail list then please do not hesitate to send me a private
>> message and I will be glad to help you.
> I think everybody learns if we discuss this here. Maybe you too, Basil. :)

For me every day is a new learning experience. Always something new to
hear about, learn about, to digest, to reject as crap :-) .

However, I have also found that some people "open up" when they talk
about something in private rather than in public. Hence the offer. I'm
glad to see that Jatin has no need to go private.

BC

-- 
Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.4.4.2 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU