搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Could Thunderbird's connection be hacked when browsing other sites?

  • 9 个回答
  • 2 人有此问题
  • 6 次查看
  • 最后回复者为 Praetorian

more options

Hello!

This is likely very dumb question, but with no one to ask, my brain keeps cooking up worse case scenarios.

So if I have my Thunderbird open while browsing random sites with Firefox, is there a chance any of those sites, their cookies or whatever bad could show up that moment, be capable of reading the email account password that my Thunderbird uses?

As Thunderbird connects to my email server and any of those sites I browse could see that password and hack to my email? I try to keep away from porn and such sites, but everything makes me worried.

Thank you for any help you can provide. Until now I've gone and changed password again when accidentally opening unknown site while Thunderbird. But I feel I'm being stupid, so any confirmation would save my nerves.

Hello! This is likely very dumb question, but with no one to ask, my brain keeps cooking up worse case scenarios. So if I have my Thunderbird open while browsing random sites with Firefox, is there a chance any of those sites, their cookies or whatever bad could show up that moment, be capable of reading the email account password that my Thunderbird uses? As Thunderbird connects to my email server and any of those sites I browse could see that password and hack to my email? I try to keep away from porn and such sites, but everything makes me worried. Thank you for any help you can provide. Until now I've gone and changed password again when accidentally opening unknown site while Thunderbird. But I feel I'm being stupid, so any confirmation would save my nerves.

所有回复 (9)

more options

I would say it's most unlikely. Cant figure out how that can be done. Your passwords in Thunderbird are encrypted and can not be read from outside TB When ever Thunderbird wants to check if there are new messages it will send a request to the mail-server, which will answer and ask for a password. This is then sent encrypted. The server acknowledge and download begins. At the end TB thanks the server and closes the connection. The password is not used again until next time TB checks for new arrivals. How often it will do that can be set in Account settings / server settings (The server thou, limits the number of calls/h.) All the time in between there are no communication and no open connections.

Your biggest risk when in Thunderbird is to open an attachment that's malicious or clicking on a false link.

The Thunderbird password is to prevent any that physically get their hands on your PC to run TB and there open and read the account-pws. If you loose it you have to enter all your account-pws again.

A strong firewall and a good Antivirus program is your best safeguard

由Gnospen于修改

more options

Thank you for your answer!

I see. So unless someone else is behind my Mac by themselves I have nothing to fear regarding the password Thunderbird uses to open my email? That was really my biggest fear, that during the connection someone from outside could hack the connection due to site/cookies that are open in browser.

[Your biggest risk when in Thunderbird is to open an attachment that's malicious or clicking on a false link.] May I ask about this - you mean risk that something bad drops into my Mac, not that it steals the password? As if it needs to drop in, I have Avira and Malwarebytes manual scanner to find them.

more options

Privacy basics info:

It is safer:

  • not to allow remote content.
  • do not auto use 'Display attachments inline'

Plain text mode strips all formatting, so is regarded as safest mode, but HTML is ok providing you follow basic guidlines.

Be wary of attachments. Be sure they really have come from the person who allegedly sent them as some nefarious people abuse other peoples email addresses trying to con you into opening the emails and attachments.

I've had some emails from a friends email address with attachments which try to mimic jpeg images but in reality these email had been sent by unknown person abusing friends email address and the attachment were really .exe files. Never open anything that is a .exe file. Usually, these emails just do not feel right. It doesn't 'sound' like the person who would normally write to you.

Hover over any links to see the real link shown in bottom Status Bar, before clicking on the link.

more options

BTW... if you select an email in the list of messages and it displays in the lower Message Pane, then this is not a 'preview' as some people may think. Selecting to open in Message Pane, new tab or new window has the same result. The email was opened.

more options

Thank you for replies!

- Don't click on unknown links - Have remote content disabled - And Thunderbird can be open and connect to mail server even when surfing with browser and no one can hack the connection

more options
and no one can hack the connection

As long as you use a secure (i.e. encrypted) connection to the server. That's indicated by a little padlock at your account name in the folder pane.

If the connection isn't encrypted your password is sent in the clear, which is bad.

more options

christ1 said

and no one can hack the connection

As long as you use a secure (i.e. encrypted) connection to the server. That's indicated by a little padlock at your account name in the folder pane.

If the connection isn't encrypted your password is sent in the clear, which is bad.

You mean this little lock? http://i.imgur.com/IMqDQW7.png

My outgoing server settings: http://i.imgur.com/JhI3qQk.png Security settings http://i.imgur.com/Wsmss5Y.png

由Praetorian于修改

more options

It is the use of the term hack that makes me comment.

It is entirely possible if your computer security is por enough or you fall victim of social engineering phishing attack that malicious software can be installed on your computer. One of those things could be a keylogger that logs every keystroke you make.

With one of those things on a computer it is basically the same as if the remote person were sitting looking over your left shoulder all the time and writing down everything you do.

This link http://osxdaily.com/2012/10/10/remote-control-mac-screen-sharing-os-x/ discusses a useful feature of OSX, in the wrong hands however it is not useful but a security risk.

SO Thunderbird does it's best to secure your passwords while they are in motion over the internet, it also offers a master password Protect your Thunderbird passwords with a Primary Password

But the risks you face extend beyond what Thunderbird can do.

But without malicious software on your machine, I am unaware of any way a web site can interact with Thunderbird except by using the mailto: protocol. That is you click a send email button and the web page passes out the details into a Thunderbird compose window. This however does just what it says on the box and the risks of clicking on mailto links are very very small. I am not aware of any instance where they have been used maliciously.

more options

Thank you for your reply!

I am very paranoid, coming from Windows, so all those sharing services in Mac are shut down and I have Avira for antivirus and Malwarebytes for occasional scanning.

I also try to install only very needed or well known apps.

I was afraid about the connection between TB and mail server because that's something I can't control or know much about. But your answer put my fears to rest again. Thank you.